Skip navigation

Title : Umbra Loader (all versions) multiple Vulnerabilies
Author : Th3breacher
E-mail : th3breacher@gmail.com
platform : php
Type : SQL Injection / unprotected login bruteforce
Severity : medium
Tested on : ArchLinux
Download : [http://ss-rat.blogspot.in/]
Overview : Umbra Loader is a popular HTTP botnet open source project, and version 1.1.1 has been released recently by the developer, Slayer616.
Vulnerabilities :
–POST-authentification Blind SQL Injection
+POC : http://www.botnet.com/Panel/Panel/delete_command.php?deleteID=%5BBlind_sql_injection%5D

–Unprotected POST credentials check (credentials bruteforce is possible)
+POC : http://www.botnet.com/Panel/Panel/login.php

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: