These sql vulnerabilities allow remote attackers to inject/execute own sql commands/statements on the affected vOlks botnet application control panel dbms. The vulnerabilities are located in the Messenger, Filezilla, Estadisticas files with the bound vulnerable ?pag listing parameter. The vulnerability can be exploited by remote attackers without required user inter action. Successful exploitation of the vulnerabilities result in botnet control panel compromise via remote sql injection attack.
The input validation vulnerabilities allow remote attackers to inject own malicious persistent script code on application side of the botnet framework. The vulnerabilities are located in the Visit Webpage (Open URL), MSN Stealer, Download File and Setting modules with the bound vulnerable domin, Pasw, https or messenger bot s name parameters. The vulnerability can be exploited by remote attacker with low or medium required user inter action. Successful exploitation of the vulnerabilities result in botnet control panel compromise via session hijacking, persistent web context manipulation or combined csrf request manipulation.
Vulnerable Parameter(s):
[+] Name - Bot s Name
[+] URL - Open URL Bots
[+] URL - Download url
[+] Password Administrator & User Administrator
Dork CodeSearch:
vOlk-Botnet 4.0
`` or
``[vOlk-Botnet]v 4.0 Login``
DorK Google: allinurl:vOlk-Botnet 4.0 or subtitle:[byvOlk] - WebAdmin Panel vOlk-Botnet 4.0 and
allinurl:WebAdmin/archivos/imagen/logo.jpg
Proof of Concept:
The sql injection vulnerabilities can be exploited by remote attacker without privileged application user account and without required user inter action. For demonstration or reproduce ...
http://[SERVER]/images/WebAdmin/Controladores/Messenger.php?pag=-1%27%20union all select id from pharming--
http://[SERVER]/images/WebAdmin/Controladores/Filezilla.php?pag=-1%27%20union all select id from pharming--
http://[SERVER]/images/WebAdmin/Vistas/Estadisticas.php?pais=-1%27%20union all select id from pharming--
--- SQL Exceptions ---
Sentencia Incorrecta : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right
syntax to use near '-100 , 100' at line 1
---
Sentencia Incorrecta : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''-1'' ORDER BY fecha DESC LIMIT 0 , 45' at line 1
---
Sentencia Incorrecta : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-200 , 100' at line 1
--
SELECT * FROM zombis
SELECT * FROM pharming
The persistent script code inject vulnerabilities can be exploited by remote attackers without privileged application user account but with low or medium required user inter action. For demonstration or reproduce ...
MSN Stealer: The msn stealer module inside of the application displays the Bot's Name unsanitized. To infect the attacker back the victim can simulate a fake msn account login on a infected system with malicious persistent script code as Bot's Name. The result is a persistent script code execution out of Bot's Name web context in the messenger listing. The victim can hijack the vOlks Botnet Panel sessions or manipulate the framework with own malicious persistent context to stop, block, take over or disable the service.
