The Next Generation Of Genealogy Sitebuilding SQL Injection

The Next Generation of Genealogy Sitebuilding versions prior to 11.1.1 suffer from a remote SQL injection vulnerability.


MD5 | e3c770602a7524f088a27921dd461267

Download
========================================================================================== 
 The Next Generation of Genealogy Sitebuilding SQL Injection Vulnerability 
========================================================================================== 

:-------------------------------------------------------------------------------------------------------------------------: 
: # Exploit Title : The Next Generation of Genealogy Sitebuilding SQL Injection Vulnerability  
: # Date : 29th August 2017  
: # Author : X-Cisadane 
: # CMS Name :  The Next Generation of Genealogy Sitebuilding 
: # Version : < 11.1.1
: # CMS Developer : http://www.tngsitebuilding.com/
: # Category : Web Application 
: # Vulnerability : SQL Injection 
: # Tested On : SQLMap 1.1.8.16#dev (Windows 7 64-bit) 
: # Greetz to : X-Code YogyaFree, ExploreCrew, CodeNesia, Bogor Hackers Community, Borneo Crew, Depok Cyber, Mantan 
:-------------------------------------------------------------------------------------------------------------------------: 

A SQL Injection Vulnerability has been discovered in the The Next Generation of Genealogy Sitebuilding CMS.
The vulnerability allows remote attackers to execute own SQL Commands by usage of a vulnerable serivce value. 
The vulnerability is located in the primaryID value of the timeline2.php file. 
Remote attackers are able to execute own SQL Commands by usage of a GET method request with manipulated primaryID value. 
Remote attackers are able to read database information by execution of own SQL Commands. 
  
DORKS (How to find the target) : 
================================  
inurl:/timeline2.php?primaryID= 
Or "powered by The Next Generation of Genealogy Sitebuilding" 
Or use your own Google Dorks :) 

Proof of Concept  
================  

SQL Injection 
PoC :  
http://[Site]/[Path]/timeline2.php?primaryID=['SQLi]  

Screenshot (PoC) : 
https://s20.postimg.org/asdu29rwt/Screenshot_99.png 
https://s20.postimg.org/wsu6iwakt/Screenshot_100.png 

Example of Vuln Sites : 
http://1820settlers.co.uk/genealogy/timeline2.php?primaryID=['SQLi] 
http://lythgoes.net/genealogy/timeline2.php?primaryID=['SQLi] 
http://henrygrowfamily.org/timeline2.php?primaryID=['SQLi] 
http://www.ennever.com/timeline2.php?primaryID=['SQLi] 
http://mcbridehistory.com/timeline2.php?primaryID=['SQLi] 

... etc ...

Source: packetstormsecurity.com
Related Posts