SQL inection on gdclive.nokia.com
Hi, this blog about SQL Injection in Nokia.com Allowed me to Dump all database
Full POC :
when I’m visiting this domain gdclive.nokia.com I’ve found something
First: this domain has been used an old version of Joomla CMS
let’s scan it using the joomscan tool for dumping all pieces of information about Joomla (plugins, version, etc..)
All results :
Joomla Version: 3.1
Plugins: JCK Editor (6.4.4)
searching for JCK Editor in exploit-db.com and I’ve found this exploit https://www.exploit-db.com/exploits/45423 let’s exploit it :D
Worked ..! you can see the version of the database :D
this is the time of SQLMAP Tool
$ sqlmap -u 'https://gdclive.nokia.com/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent=' --level=5 --risk=3 --random-agent --technique=U -p parent --batch --current-db --current-user
you can see the current user and the name of the database :)
After dumping all databases using the --all option and unencrypt the password of the admin account let’s login in admin panel
PWNED :D
You can see this video about this bug
Thanks ;0