What we will need
- A target www.techpanda.org
- Bing search engine
- SQL Injection tools
- PHP Shell, we will use dk shell http://sourceforge.net/projects/icfdkshell/
We will need to get the IP address of our target and find other websites that share the same IP address.
We will use an online tool to find the target's IP address and the other websites sharing that IP address.
- Enter the URL http://www.yougetsignal.com/tools/web-sites-on-web-server/ in your web browser
- Enter www.techpanda.org as the target
- Click on Check button
- You will get the following results
Based on the above results, the IP address of the target is 220.127.116.11
We also found out that there are 403 domains on the same web server.
Our next step is to scan the other websites for SQL injection vulnerabilities. Note: if we can find a SQL injection vulnerability on the target itself, then we would exploit it directly without considering the other websites.
Enter the URL www.bing.com into your web browser. This will only work with Bing, so don't use other search engines such as Google or Yahoo.
Enter the following search query
- “IP:18.104.22.168” limits the search to all the websites hosted on the web server with IP address 22.214.171.124.
- “.php?id=” searches for URLs whose GET variables are used as parameters in SQL statements.
You will get the following results
As you can see from the above results, all the websites that use GET variables as parameters for SQL statements have been listed.
The next logical step would be to scan the listed websites for SQL injection vulnerabilities. You can do this using manual SQL injection or using the tools listed in this article on SQL injection.
Uploading the PHP Shell
We will not scan any of the websites listed, as this is illegal. Let's assume that we have managed to log in to one of them. You will have to upload the PHP shell that you downloaded from http://sourceforge.net/projects/icfdkshell/
- Open the URL where you uploaded the dk.php file.
- You will get the following window
- Clicking the Symlink URL will give you access to the files in the target domain.
Once you have access to the files, you can obtain the login credentials for the database and do whatever you want, such as defacement or downloading data such as emails.
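The symlink step above works because a link created inside one customer's document root can resolve to a file belonging to another site on the same server. As an added example that is not part of the original post, the following shell function is a check a shared-hosting administrator can run to find such links: it lists every symlink under a document root whose resolved target lies outside that root. It assumes GNU coreutils (readlink -f) and builds a constructed demo tree so it runs offline.

```shell
#!/bin/sh
# Audit a web document root for symlinks that escape it.
# Assumes GNU coreutils (readlink -f); paths are fully resolved on both
# sides so a symlinked /tmp or docroot does not produce false positives.

# Print "link -> target" for every symlink under $1 whose target resolves
# outside $1 (dangling links are reported with the target "(dangling)").
find_escaping_symlinks() {
  docroot=$(readlink -f "$1") || return 1
  find "$docroot" -type l | while IFS= read -r link; do
    target=$(readlink -f "$link" 2>/dev/null) || target="(dangling)"
    case "$target" in
      "$docroot"/*) ;;                              # stays inside the root: fine
      *) printf '%s -> %s\n' "$link" "$target" ;;   # escapes the root: report
    esac
  done
}

# Constructed demo: two sites on one server, one of which links into the other.
demo_escaping_symlinks() {
  tmp=$(mktemp -d) || return 1
  mkdir -p "$tmp/site_a/public_html" "$tmp/site_b"
  printf '<?php $db_password = "constructed-example";\n' > "$tmp/site_b/wp-config.php"
  printf '<?php echo "hello";\n' > "$tmp/site_a/public_html/index.php"
  ln -s ../../site_b/wp-config.php "$tmp/site_a/public_html/cfg.txt"   # escapes site_a
  ln -s index.php "$tmp/site_a/public_html/home.php"                   # stays inside site_a
  find_escaping_symlinks "$tmp/site_a/public_html"
  rm -rf "$tmp"
}
```

Running `demo_escaping_symlinks` reports only the cfg.txt link, since home.php resolves inside the audited root.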
This Post is Strictly for EDUCATIONAL PURPOSES. Don’t use it in a bad manner. It can be a punishable offense.