Thread: Patch your voting SQli in GTLVOTE 1.1!

  1. #1 Patch your voting SQli in GTLVOTE 1.1! 
    Banned
    ################################################## ################################################## #############
    [+] Exploit Title: GTLVote 1.1 SQLi Injection Vulnerability.
    [+] Discovered By: Jackson (Security Engineer @ Panel Solutions) About us | Secure Hosting Solution
    [+] Worried about being attacked by a 0day? We secure your web applications before an attack occurs @ Secure Hosting Solution
    [+] My Homepage: Secure Hosting Solution
    [+] Date: [2015 28 July]
    [+] Vendor Homepage: GTLVote - GTLVote
    [+] Tested on: [GTL 1.x.x]
    ################################################## ################################################## #############


    POC(Proof Of Concept):
    +++++++++++++++++++++++++
    1) Simply find a GTL site and go to the callback file and add /vote/php/callback.php?callback=1' AND (SELECT * FROM (SELECT(SLEEP(10)))bgus) AND 'jcaE'='jcaE
    2) If the site takes time to load it's vulnerable because of the sleep query


    Sanitizing:
    +++++++++++++++++++++++++
    Download a patched version here (all clients hosted with Panel have already been patched)
    http://panelsec.com/vote/GTLVote1.2.zip






    Hard File Edit:
    +++++++++++++++++++++++++


    1)


    Code:
    // Unpatched method: $ip is concatenated into both queries unescaped.
    public function setSiteVoted($ip, $type)
    {
        $type   = intval($type);
        $query  = "SELECT * FROM `voting_verification` WHERE `ip` = '" . $ip . "' AND `type`='" . $type . "'";
        $result = mysql_query($query);
        if (mysql_num_rows($result) == 0) {
            mysql_query("INSERT INTO `voting_verification` (`ip`, `type`) VALUES ('" . $ip . "', '" . $type . "')");
        }
    }

    2)
    Code:
    // Patched method: $ip is escaped before it is placed inside the quoted literals.
    public function setSiteVoted($ip, $type)
    {
        $type      = intval($type);
        $ip_clean  = mysql_real_escape_string($ip);
        $query     = "SELECT * FROM `voting_verification` WHERE `ip` = '" . $ip_clean . "' AND `type`='" . $type . "'";
        $result    = mysql_query($query);
        if (mysql_num_rows($result) == 0) {
            mysql_query("INSERT INTO `voting_verification` (`ip`, `type`) VALUES ('" . $ip_clean . "', '" . $type . "')");
        }
    }

  3. #2  
    Donator

    Arithium
    You're basically advertising your hosting here which is a bit ridiculous considering how malicious you actually are.

  4. #3  
    Registered Member
    Surprised people are still using dynamic queries instead of prepared statements or procedures

  5. #4  
    Unfortunately we’re all human. Except me


    Why do people even use gtl vote? It's full of deprecated functions..

  6. #5  
    Respected Member


    Quote: Originally Posted by LukaFurlan
    Why do people even use gtl vote? It's full of deprecated functions..
    the entire mysql_ api is deprecated
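
Added example (not part of any post in this thread and not GTLVote code): the prepared-statement approach mentioned in post #3, which also moves off the mysql_ API discussed in posts #4 and #5, applied to the setSiteVoted() method from post #1. The VoteStore class, the PDO connection and the in-memory SQLite table are assumptions made for the demo, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not GTLVote code. VoteStore is a hypothetical wrapper;
// table and column names follow setSiteVoted() from post #1.
final class VoteStore
{
    private $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    /** Records one vote per (ip, type); returns true only when a row is inserted. */
    public function setSiteVoted(string $ip, $type): bool
    {
        // Allow-list check: only a literal IPv4/IPv6 address is accepted.
        if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
            return false;
        }
        $params = [':ip' => $ip, ':type' => (int) $type];

        // Placeholders keep the values out of the SQL text entirely.
        $check = $this->db->prepare(
            'SELECT 1 FROM voting_verification WHERE ip = :ip AND type = :type'
        );
        $check->execute($params);
        if ($check->fetchColumn() !== false) {
            return false; // this (ip, type) pair is already recorded
        }

        $insert = $this->db->prepare(
            'INSERT INTO voting_verification (ip, type) VALUES (:ip, :type)'
        );
        return $insert->execute($params);
    }
}

// Demo on an in-memory SQLite database (assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE voting_verification (ip TEXT NOT NULL, type INTEGER NOT NULL)');

$store = new VoteStore($db);
var_dump($store->setSiteVoted('203.0.113.7', '2'));            // first vote
var_dump($store->setSiteVoted('203.0.113.7', '2'));            // repeat vote
var_dump($store->setSiteVoted("203.0.113.7' OR '1'='1", '2')); // constructed non-IP input
var_dump((int) $db->query('SELECT COUNT(*) FROM voting_verification')->fetchColumn()); // rows stored
```

On MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the driver uses server-side prepares. A UNIQUE index on (ip, type) would enforce the one-vote rule without relying on the separate SELECT.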

  7. #6  
    Registered Member
    You didn't discover shit, you bought it from PFM/Got it from someone who did.
    Stop advertising your shitty script kiddie website.