Hi, this blog post is about a SQL injection in Nokia.com that allowed me to dump all databases.
Full PoC:
When I visited the domain gdclive.nokia.com, I found something.
First: this domain was using an old version of the Joomla CMS.
Let's scan it using the joomscan tool to dump all the information about Joomla (plugins, version, etc.).
All results:
Joomla Version: 3.1
Plugins: JCK Editor (6.4.4)
Searching for JCK Editor on exploit-db.com,
I found this exploit: https://www.exploit-db.com/exploits/45423
Let's exploit it :D
It worked!
You can see the version of the database :D
Now it is time for the sqlmap tool:
$ sqlmap -u 'https://gdclive.nokia.com/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent=' --level=5 --risk=3 --random-agent --technique=U -p parent --batch --current-db --current-user
You can see the current user and the name of the database :)
After dumping all databases using the --all option and decrypting the password of the admin account, let's log in to the admin panel.
You can see this video about this bug
Thanks ;0
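For defenders, an added example (not part of the original post and not code from Joomla or JCK Editor): a small log check that flags requests to the jtreelink links.php endpoint whose parent parameter carries SQL syntax. The combined log format, the marker list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter exactly as they appear in the sqlmap command in the post.
JTREELINK_PATH = "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"
PARAM = "parent"

# Assumption of this example: a legitimate value is empty or a plain id, so
# quotes, comment markers and SQL keywords in it are worth an alert.
SQLI_MARKERS = re.compile(
    r"union\s+select|information_schema|sleep\s*\(|benchmark\s*\(|--|/\*|[#'\x22]", re.I)

# Apache/nginx "combined" format: ip - - [time] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def suspicious(line):
    """Return details if the line is a jtreelink request with SQL in `parent`."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path.lower() != JTREELINK_PATH:
        return None
    # parse_qs percent-decodes the values; the user agent is ignored on purpose,
    # because the post's scan ran with --random-agent.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    hits = [v for v in values if SQLI_MARKERS.search(v)]
    return {"ip": m["ip"], "status": int(m["status"]), "value": hits[0]} if hits else None

def scan(lines):  # group flagged requests by client IP
    by_ip = {}
    for hit in filter(None, map(suspicious, lines)):
        by_ip.setdefault(hit["ip"], []).append(hit)
    return by_ip

# Constructed sample log lines (documentation IP ranges), not data from the post.
_Q = JTREELINK_PATH + "?extension=menu&view=menu&parent="
_FMT = '{} - - [01/Jan/2024:10:00:0{} +0000] "GET {} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
SAMPLE_LOG = [
    _FMT.format("198.51.100.7", 0, _Q),
    _FMT.format("203.0.113.9", 1, _Q + "%22%20UNION%20SELECT%20NULL--%20"),
    _FMT.format("203.0.113.9", 2, _Q + "1%27"),
    _FMT.format("198.51.100.7", 3, "/index.php?parent=%27"),
]

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG).items():
        print(ip, len(hits), [h["value"] for h in hits])
```

Any hit on this path is also a prompt to check whether the JCK Editor version reported by the scan (6.4.4) is still installed.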
Top comments (1)
Thanks for sharing, this is pretty cool