Public School Website Compromised
#1
Greetings everyone,

This Is a sneak peek at a website that I compromised around a week ago, which was performed via an SQLi attack. Obviously It was vulnerable to SQLi, thus It wasn't too difficult at all. I won't go Into any detail as to how It was done, mainly because I plan on documenting an In depth tutorial on the methodologies used with In-band SQLi (error-based & union-based), how to Identify, obtain and display vulnerable columns, bypassing WAFs (Web Application Firewalls) with keyword filtering and the like, and using the columns to exploit the database, Inclusive of Identifying all tables and performing a database dump.

I've compromised hundreds of sites and I'm quite amazed at the magnitude of vulnerabilities. We're all security-minded and take our privacy quite seriously, but the question remains "how safe Is your private Info with your school/university, real estate agent, medical practitioner, superannuation fund, a given merchant that you've purchased from by entering your credit card details", and so forth. I'm saying this based on experience- whereby I've compromised sites of this very nature.

So what you're about to view Is simply an awareness factor, whereby If you're a student at this school, say goodbye to your Identity. For security reasons, the ID of the website has been hidden.

After checking & Identifying It's vulnerable to SQLi and gaining access, I'm now In the admin panel.


To cut things short, I had to authenticate to get to the next screen which was to perform a backup and download the database. First the backup.


The database backup Is now In progress.


Just what I wanted to see- a successful backup performed.


Downloading the database to a directory of my choice.


I now have the school's database at my disposal.


A password change could've easily taken place, but I left It as Is.


I also could've edited and deleted every student on the campus.


As mentioned, this Is just a simple demonstration without elaboration. You can see by the timestamp In the Images that this was performed around a week ago, and It took me this long to finally contribute It here. So yes, I'm quite busy but I shall document a tutorial (on a different website) explaining what I mentioned In the opening paragraph.

EDIT: @Albus, I've contributed 8 spoilers, but for some reason only "6 spoiler tags" are showing. Not sure why.
#2
This is why your signature is so relevant.
Maybe you could offer to fix the SQL error for the school for a fee as such?
But regardless that is some good work once again mothered, :)
#3
(07-29-2016, 03:35 PM)StrandedBanana Wrote: This is why your signature is so relevant.
Maybe you could offer to fix the SQL error for the school for a fee as such?
But regardless that is some good work once again mothered, :)

Thank you my friend. As said, It's easy because It's vulnerable.

It skips a minor step because not all spoilers are displayed, hence content Is missing. I'm sure Albus will offer a fix. When I document an In depth tutorial, It will demonstrate just how easy It Is to get Info such as the database version (which Is quite Important pertaining to MySQL version >5, as It contains the "Information_schema" database that makes life a lot easier), name, current user, OS, architecture, port number, sym links (If any), MAC address, hostname- all from exploiting just the one vulnerable column.

This Is all simple to those who know, but I'm sure It'll come In handy for anyone new to the scene.
#4
Fixed for you mate. There were two spoilers that started correctly with
Code:
[spoiler]
but ended their lines with
Code:
[/b]

[Image: b0f672c2d38d4087a06419dfaba50529.png]



Anyways, I'm happy to see this write-up in place since we had already spoken regarding it. It is well-written and serves as a nice means of showcasing what can be done when SQLi is successful.
#5
(07-29-2016, 04:10 PM)Albus Wrote: Fixed for you mate. There were two spoilers that started correctly with
Code:
[spoiler]
but ended their lines with
Code:
[/b]

[Image: b0f672c2d38d4087a06419dfaba50529.png]



Anyways, I'm happy to see this write-up in place since we had already spoken regarding it. It is well-written and serves as a nice means of showcasing what can be done when SQLi is successful.

Thanks for fixing It Albus.

My goodness, I must be exhausted to not realize such a simple error In the BBCode. Thanks for your kind comments, appreciated.