SQL Injection Vulnerability in Google Lab Database System
A very large and critical vulnerability has been detected in the Google Lab system. The vendor was already notified by the hacker, but they took no positive step in response, so the vulnerability was finally exposed publicly by Bangladesh Cyber Army member Shadman Tanjim on their forum.
The Google Lab website has an SQL injection vulnerability, and the dangerous thing is that this vulnerability can be exploited. A hacker can get tables, columns and data from the database. The Google Lab database has its own customized DB system. But the interesting thing is that their database system is similar to an MS Access database. In this case, MS Access SQL injection also works on the Google Lab database system.
Hacker's Statement:
I have already contacted Google Corporation but they did not give a positive response. I think this is a big mistake on their part, and they will suffer for it. But if they give a positive response, then this will be very good for them. Thanks a Ton!
Shadman Tanjim
Ethical Hacker, Programmer and Security Professional
Email: admin@bdcyberarmy.com or shadman2600@gmail.com
Website: www.bdcyberarmy.com/forum
Greetings to: Shahee Mirza, Almas Zaman, Sayem Islam, Pudina pata, LuckyFm and all Bangladesh Cyber Army members.
Hackers release step-by-step proof of this vulnerability
1. Website : www.googlelabs.com or labs.google.com
2. Vulnerability type : SQL Injection
3. Vulnerable url : http://www.googlelabs.com/?q=%27&apps=Search+Labs
4. Info:
   Host IP: 209.85.175.141
   Web Server: Google Frontend
   Keyword Found: Fast
   Injection type: Integer
Let's check exploiting this vulnerable link. Here the hackers use 3 famous SQL injection tools. They are:
1st, work with the Havij Advance SQL Injection Tool:
Screenshot 1: It scans the vulnerable link and says this website is vulnerable.
Screenshot 2: Now it scans and gets all tables and columns.
Screenshot 3: Now you can see the list of tables and columns.
And this is proof that this website is genuinely vulnerable to SQL injection. Here you see this database type is MS Access, so this is a proof of this concept. Some people may say the Google Lab database system is not MS Access, but this website's database is similar to an MS Access database, and MS Access SQL injection queries also work on the Google Labs database system. Likewise, MySQL 5 and MySQL 4.1 are both injected via UNION SELECT, but both do not have Information Schema.
2nd, now work with Safe3 SQL Injector v8.4:
Screenshot 1: It analyzes the vulnerable link, says it is vulnerable, and gets the keyword and DB type.
Screenshot 2: Now it injects the vulnerable link and gets the full table list and column list.
This is another proof of this website's vulnerability; we can see it, and the dangerous thing is that it is exploitable. Now we check our last SQL injection tool to be 100% satisfied.
3rd, the Pangolin SQL Injection Tool:
Screenshot 1: It scans the vulnerable link and says this website is vulnerable.
Screenshot 2: Now it injects this website and gets the tables and columns list.
Screenshot 3: Here is the full list of tables and columns.
Now I think we are 100% sure the Google Lab website is vulnerable to SQL injection.
You can check the video. This video was also made by Bangladesh Cyber Army member Shadman Tanjim.
Video Download link: http://www.bdcyberarmy.com/Google/google_video.avi
via | thehackernews