SQL Injection Vulnerability in Google Lab

SQL Injection Vulnerability in Google Lab

SQL Injection Vulnerability in Google Lab Database System | Kerentanan Sangat Besar & Kritis terdeteksi di Google Lab Sistem. Vendor sudah dilaporkan oleh hacker, Tapi mereka tidak mengambil langkah positif dalam hal ini, sehingga akhirnya terkena hacker kerentanan di depan publik oleh Bangladesh Cyber Army Member - Shadman Tanjim di Forum mereka.

Google Website Lab telah SQL Injection Vulnerability dan hal yang Kerentanan Berbahaya ini dieksploitasi. Hacker bisa mendapatkan Tabel, kolom dan data dari Database. Google Lab Database memiliki sendiri menyesuaikan sistem DB. Tapi hal-hal menarik adalah sistem database mereka Similar sebagai database Ms Access. Dalam kasus Sistem Ms SQL Injection Akses Juga Bekerja pada sistem database Google Lab

Pernyataan Hacker:

Saya sudah kontak dengan Google Korporasi tetapi mereka tidak memberikan respon positif, saya pikir ini adalah kesalahan besar mereka, dan akan menderita untuk itu. Tetapi jika mereka memberikan respon positif maka ini akan sangat baik bagi mereka. Thanks a Ton!

Shadman Tanjim

Etika Hacker, Programmer dan Security Profesional

Email: admin@bdcyberarmy.com atau shadman2600@gmail.com

Website: www.bdcyberarmy.com/forum

Salam untuk: Shahee Mirza, Almas Zaman, Sayem Islam, Pudina pata, LuckyFm dan Semua

Bangladesh Cyber Army Members.

Hackers Release Step by step proof about this Vulnerability

1. Website : www.googlelabs.com or labs.google.com

2. Vulnerability type : SQL Injection

3. Vulnerable url : http://www.googlelabs.com/?q=%27&apps=Search+Labs

4. Info:

Host IP: 209.85.175.141

Web Server: Google Frontend

Keyword Found: Fast

Injection type is Integer

Let’s Check Exploiting this Vulnerable link. Here Hackers use 3 Famous SQL Injection tools. They are:

1. Havij Advance SQL Injection Tool

2. Safe3 SQL Injector v8.4

3. Pangolin SQL Injection Tool

1st Work with Havij Advance SQL Injection Tool:

Screen Shot 1: Scan Vulnerable link and it says this website is Vulnerable.

Screen Shot 2: Now it scans and gets all tables and columns

Screen Shot 3: Now you can see list of tables and Columns

And this is a Prove for this Website is Genuine SQL Injection Vulnerable. Here you see this database type is MS Access, so this is a Proof of this concept. Some people should Say Google Lab Database System is not Ms Access but this Website Database is Similar as Ms Access database and Ms Access SQL Injection Query are also Work on Google Labs Database system. As like MySQL 5 and MySQL 4.1 both are injected via Union select, but both are not have Information Schema.

2nd now Work with Safe3 SQL Injector v8.4:

Screen Shot 1: Analyzing Vulnerable link and it says it’s vulnerable and gets keyword and db type.

Screen Shot 2: Now it’s Inject the vulnerable link and gets All Table list and column list

This is another Prove for this Website Vulnerability and we can see this and Dangerous thing is its Exploitable. Now we check our last SQL Injection tool for 100% Satisfy.

3rd Pangolin SQL Injection Tool:

Screen Shot 1: Scan vulnerable link and its say this website is vulnerable

Screen Shot 2: Now inject this Website and get tables and columns list

Screen Shot 3: Here is a full List of Tables and Columns list

Now I think we are 100% Sure Google Lab Website is SQL Injection Vulnerable.

You Can Check Video. This Video is also made by Bangladesh Cyber Army Member - Shadman Tanjim.

Video Download link: http://www.bdcyberarmy.com/Google/google_video.avi

via | thehackernews

Share this

Author : takecy

Related Posts