Tuesday 1 December 2009

www.thehimalayantimes.com SQLi vulnerability

The Himalayan Times is one of the national daily newspapers of Nepal, and its site www.thehimalayantimes.com, like other common Nepali websites, is also vulnerable to a normal web hack. It's again a lame SQL injection caused by the poor coding level. I am having eye pain right now because of welding, so I won't be posting much, but anyway below is the SQLi hack...
The admin information can be stolen from the admin table, while tbl_member consists of registered user information, so this may lead to theft of secret private data....
The admin table consists of columns:
admin_user
admin_pass
admin_email
admin_fullname, etc.

So the SQL query SELECT * FROM admin is going to give us everything in the admin table...
And they are also using base64 encoding. I have said previously too that with a single call to base64_decode() in PHP, or by using an online base64 decoder (www.yellowpipe.com has one), we are going to get the actual password easily.
Some dumps:
user:pass:email for admin

You can try and get the dumps yourself; no more dumps.
Read the article I have written on my blog sampctricks.blogspot.com (http://sampctricks.blogspot.com/2009/05/securing-php-avoid-basic-exploits-and.html) in order to remove these vulnerabilities. You have lots of them in your scripts.
Edit:
Again, it is most probably F1 Soft's work and it has got so many vulnerabilities. The admin panel is in a somewhat less-used place, but we can find it easily (no need to overthink and brute-force for the admin CP)... Also, @THT admins, do not change the location of the admin panel; rather, secure your scripts...
Could not upload the screenshot because of the slow net connection and my eye problem...

Thanks... 
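
The two fixes the post asks for, a query that cannot be injected and a password column that cannot simply be decoded, as an added example that is not code from the site or from the linked article. It assumes PHP with PDO and an in-memory SQLite database standing in for the real one; the table and column names follow the post, and the account and passwords are constructed.

```php
<?php
// Added example: constructed data, in-memory SQLite instead of the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (admin_user TEXT PRIMARY KEY, admin_pass TEXT NOT NULL)');

// base64 is an encoding, not protection: whoever reads the column
// gets the password back with one call.
$encoded = base64_encode('example-password');            // constructed value
var_dump(base64_decode($encoded) === 'example-password');

// Store a salted, deliberately slow, one-way hash instead.
function create_admin(PDO $db, string $user, string $password): void
{
    $stmt = $db->prepare(
        'INSERT INTO admin (admin_user, admin_pass) VALUES (:u, :p)'
    );
    $stmt->execute([
        ':u' => $user,
        ':p' => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

// Bound parameters keep request input as data; it is never parsed as SQL.
function check_login(PDO $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT admin_pass FROM admin WHERE admin_user = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();          // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

create_admin($db, 'editor', 'example-password');

// Correct credentials, a wrong password, and input containing quote
// characters, which is compared as a literal user name and matches no row.
var_dump(check_login($db, 'editor', 'example-password'));
var_dump(check_login($db, 'editor', 'wrong'));
var_dump(check_login($db, "editor' OR '1'='1", 'anything'));

// The stored value is a hash string, not a decodable copy of the password.
$stored = $db->query('SELECT admin_pass FROM admin')->fetchColumn();
var_dump(password_get_info($stored)['algoName']);
```

Existing base64 values can be migrated by hashing each account's password at its next successful login and then clearing the old column.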
