Joomla Component com_golfcourseguide SQL Injection Vulnerability

Please download/view the original advisory here.

The Joomla component com_golfcourseguide fails to sanitize the user input and therefore suffers from a remote SQL injection vulnerability.

Example URL
index.php?option=com_golfcourseguide&view=golfcourses&cid=1&id=[SQL Injection]

Versions affected
v0.9.6.0 beta, v1 beta

Thoughts on Mobile Device Security

Over the last few weeks I have given mobile device security a lot of thought. As you may know, mobile phones in particular are one of the most widespread kinds of device in the world. Almost everyone living in the western world has at least one of them. It is natural to think further and say that if the security of such devices can be compromised, a lot of damage could occur. Think of someone hacking your phone and controlling it. Think of all the personal stuff you have on the storage/SIM card. Think of all your contacts, the numbers dialed and maybe even pictures nobody else should see.

So mobile phones should be very secure, right? If someone were able to take control of such devices, it would be possible to track many areas of our lives. So the vendors should be making sure that every mobile phone is highly secure.

Insecure connections
Many mobile phones with Bluetooth capability accept new incoming connections by default. This means that accessing data on these mobile phones is very easy (I have seen various live hacking demonstrations where the speaker simply hacked the smartphones of the audience without them knowing it).

Keyboard lock? Ehm yeah.
In most cases the keyboard lock of a mobile phone gets turned on when you don’t use it for a certain amount of time. Sadly this lock is of no use when you connect the mobile device to a computer and start a synchronisation tool. You can still access all the data without even having to enter a PIN or some sort of lock code. Furthermore, some devices have a special way of unlocking the keyboard, e.g. by moving a bar from the left to the right. Very secure. If you leave your phone at, say, a restaurant, someone simply has to move the bar to gain access to the device.

Unencrypted data and connections
The files on mobile devices and storage cards are not encrypted in most cases. Neither are the connections to other phones.

Those are only three points concerning security issues, but at the same time this is already enough to state that the devices which we use daily are not secure enough.

Specialist Bed and Breakfast Website SQL Injection Exploit released

Today I am releasing my Specialist Bed and Breakfast Website SQL Injection Exploit (remote).

Description
The Specialist Bed and Breakfast Website SQL Injection Exploit takes advantage of a SQL injection vulnerability JaMbA discovered on 30th June 2010. The exploit source code also contains the table structure of the vulnerable product.

About the vulnerability
Learn more about the vulnerability here.

Features
- Check if provided URL is reachable
- Error handling for HTTP requests
- Display current database, MySQL user and the MySQL version
- Display the admin login data
- Easy to use (everything is simple and automated)
- User agent for HTTP requests

Additional information
Written in Python (less than 400 lines).

Usage example
python bed_and_breakfast_sploit.py -u "http://target/site/pages.php?fid=0,1,472&pp_id=84"

Disclaimer
Only use this tool to check websites you are allowed to test (e.g. for penetration testing). Never use this tool on foreign websites! Know and respect your local laws! I am not responsible if you cause any damage or run into trouble. This tool was written for educational purposes only.

Simple SQL Injection Vulnerability Scanner 0.5 released

Today I am releasing version 0.5 of my Simple SQL Injection Vulnerability Scanner.

It contains all the features of version 0.3, the first released version, and adds a column fuzzer. Start a scan with python sqli_scanner.py -u "target", then start fuzzing with the parameter -fuzz "exploit url". The scanner provides the exploit URL when it finds a vulnerability.

Membership Site Script SQL Injection Vulnerability

Please view the original advisory here.
The “Membership Site Script” is exposed to SQL injection attacks.

>> #1 SQL Injection
target/view.php?id=[SQL Injection]

Daily Inspirational Quotes Script SQL Injection Vulnerability

Please view the original advisory here.
The “Daily Inspirational Quotes Script” fails to properly sanitize the user input and is therefore exposed to SQL injection attacks.

>> #1 SQL Injection
target/tellafriend.php?id=[SQL Injection]

Joke Website Script SQL Injection and Cross-Site Scripting Vulnerabilities

Please view the original advisory here.
The “Joke Website Script” is exposed to SQL Injection and Cross-Site Scripting attacks.

>> #1 SQL Injection
target/search.php?submit=Search&keyword=[SQLi]

>> #2 Cross-Site Scripting
target/search.php?submit=Search&keyword=[XSS]

E-Book Store SQL Injection Vulnerability

Please download the original advisory here.
The “E-Book Store” is exposed to SQL injection attacks.

>> #1 SQL Injection
target/search.php?search=Search&keyword=[SQL Injection]

Lyrics Script SQL Injection and Cross-Site Scripting Vulnerabilities

Please view the original advisory here.
The “Lyrics Script” suffers from various SQL Injection and Cross-Site Scripting vulnerabilities.

>> #1 SQL Injection
target/search_results.php?search=Search&k=[SQL Injection]
target/browse_artist.php?letter=[SQL Injection]
target/browse_song.php?letter=[SQL Injection]

>> #2 Cross-Site Scripting
target/search_results.php?search=Search&k=[XSS]
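
The id-style and keyword-style parameters listed in the advisories above share one root cause: the request value is pasted into the SQL text. The following is an added example, not code from any of the affected products; the table, data and function names are constructed, and SQLite stands in for the products' database. It shows the flawed pattern beside integer validation and bound parameters.

```python
import sqlite3

def make_db():
    # Constructed sample data; SQLite stands in for the products' database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE courses (id INTEGER PRIMARY KEY, name TEXT, published INTEGER)")
    db.executemany("INSERT INTO courses VALUES (?, ?, ?)",
                   [(1, "Pine Valley", 1), (2, "Draft Course", 0), (3, "Old Links", 1)])
    return db

def lookup_concat(db, raw_id):
    # Flawed pattern: the request value becomes part of the SQL text itself,
    # so anything after the number is parsed as SQL.
    sql = "SELECT name FROM courses WHERE published = 1 AND id = " + raw_id + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, raw_id):
    # Hardened: reject anything that is not an integer, then bind the value.
    try:
        course_id = int(raw_id)
    except (TypeError, ValueError):
        return []
    sql = "SELECT name FROM courses WHERE published = 1 AND id = ?"
    return [row[0] for row in db.execute(sql, (course_id,))]

def search_bound(db, keyword):
    # Hardened search: bind the keyword and escape LIKE wildcards so that
    # user input is only ever matched as literal text.
    escaped = keyword.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT name FROM courses WHERE published = 1 "
           "AND name LIKE ? ESCAPE '\\' ORDER BY id")
    return [row[0] for row in db.execute(sql, (f"%{escaped}%",))]

if __name__ == "__main__":
    db = make_db()
    crafted = "2 OR 1=1"  # constructed test input for an id parameter
    print("concatenated:", lookup_concat(db, crafted))
    print("bound:       ", lookup_bound(db, crafted))
    print("search:      ", search_bound(db, "links"))
```

The concatenated lookup returns the unpublished row for the crafted value, while the bound version returns nothing because the value is never parsed as SQL.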

Dijitals CMS XSS Vulnerabilities

Please view the original advisory here.

The Dijitals CMS suffers from several XSS vulnerabilities. Built-in filters try to prevent XSS, SQL injection, and local and remote file inclusion. The XSS filters can be bypassed, e.g. by using String.fromCharCode.
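
Why a filter of this kind fails while output encoding does not, as an added example that is not the Dijitals CMS code: the denylist below is a hypothetical stand-in that strips quote characters and a few tokens, and the sample inputs are constructed.

```python
import html
import re

# Hypothetical denylist filter (an assumption, not the CMS's real filter):
# it removes quote characters and a few known-bad tokens from the input.
DENYLIST = re.compile(r"""['"]|javascript:|onerror|onload""", re.IGNORECASE)

def denylist_filter(value):
    return DENYLIST.sub("", value)

def render_filtered(value):
    # Flawed: the filtered value is still written into the page as markup.
    return "<p>Results for: " + denylist_filter(value) + "</p>"

def render_encoded(value):
    # Hardened: encode for the HTML body context at output time, so the
    # browser treats the value as text no matter how it was written.
    return "<p>Results for: " + html.escape(value, quote=True) + "</p>"

def survives_filter(value):
    # True when the denylist leaves the input completely untouched.
    return denylist_filter(value) == value

# Constructed samples: the first needs quotes, the second builds the same
# string from character codes and therefore contains nothing on the denylist.
QUOTED = "<script>alert('XSS')</script>"
QUOTELESS = "<script>alert(String.fromCharCode(88,83,83))</script>"

if __name__ == "__main__":
    for sample in (QUOTED, QUOTELESS):
        print("input:   ", sample)
        print("filtered:", render_filtered(sample))
        print("encoded: ", render_encoded(sample))
```

The filter damages the quoted sample, which makes it look effective in testing, but passes the quote-free one unchanged; the encoded output contains no markup in either case.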
