Des-Click 1.0.0 - Error Based SQL Injection Vulnerability

2020.02.10
Smog (FR)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Title: Des-Click 1.0.0 - Error Based SQL Injection Vulnerability
# Date: 2020-02-09
# Author: Smog
# Vendor Homepage: https://www.des-click.com/
# Tested on: Windows 10 / Linux
# Versions: 1.0.0
# Vulnerable Parameter: "id_famille" (GET method)
# CVE: N/A

Dorks : inurl:"mobile/produit.php?id_famille=" intext:"Copyright des-click"

POC :

This error-based SQL injection is really simple to exploit, and it can be done by anyone who knows sqlmap or manual injection.

How to exploit :

The flaw is in the "id_famille=" parameter, exploitable only via the GET method; the application expects an integer there. This is not a blind SQLi: an error is displayed after a malicious value such as " ' " is submitted. The server automatically returns the error from the SELECT query:

SELECT id_genre FROM `*table-name*_genre_famille` WHERE id_resto=<integer> AND id_famille=<integer>'

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''<integer>''' at line <line>

The error says the SQL syntax is malformed because of the injected payload: the query is cut off at the point where the GET parameter you supplied is inserted.

More :

Administration panel : localhost/admin/ (admin passwords are hashed in the database)
Exploit is here : localhost/mobile/produit.php?id_famille=<integer>
Twitter : twitter.com/sm0g3uh
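As an added illustration (not Des-Click's code; the table, column names and rows are constructed, and SQLite stands in for MySQL so it runs offline), the concatenation pattern that produces the error above, beside a hardened handler that whitelists `id_famille` as an integer and binds it as a query parameter instead of echoing a database error:

```python
import re
import sqlite3

# Constructed stand-in for the vulnerable table (assumed names, not Des-Click's schema).
SETUP_SQL = """
CREATE TABLE resto_genre_famille (id_genre INTEGER, id_resto INTEGER, id_famille INTEGER);
INSERT INTO resto_genre_famille VALUES (7, 1, 3), (8, 1, 4), (9, 2, 3);
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SETUP_SQL)
    return conn


def query_vulnerable(conn, id_resto, raw_id_famille):
    # Vulnerable pattern: the raw GET value is concatenated into the SQL text.
    sql = ("SELECT id_genre FROM resto_genre_famille "
           f"WHERE id_resto={int(id_resto)} AND id_famille={raw_id_famille}")
    try:
        return "ok", [row[0] for row in conn.execute(sql)]
    except sqlite3.Error as exc:
        # Returning the driver's message to the client is the error-based
        # disclosure described in the advisory (MySQL words it differently).
        return "error", str(exc)


_ID_RE = re.compile(r"^[0-9]{1,10}$")


def parse_id(raw):
    # Whitelist validation: a short run of digits is the only accepted shape.
    if not _ID_RE.fullmatch(raw):
        raise ValueError("invalid id")
    return int(raw)


def query_hardened(conn, id_resto, raw_id_famille):
    # Reject malformed input before it reaches the database (an HTTP 400 in a
    # real handler) and bind the value so it can never alter the query text.
    try:
        id_famille = parse_id(raw_id_famille)
    except ValueError:
        return "rejected", []
    sql = ("SELECT id_genre FROM resto_genre_famille "
           "WHERE id_resto=? AND id_famille=?")
    return "ok", [row[0] for row in conn.execute(sql, (int(id_resto), id_famille))]
```

A stray quote makes the vulnerable query fail with a syntax error that leaks to the caller, while the hardened path rejects the same input without touching the database.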

References:

Greetz : Mizaru - Baronnet Noir - SourceLa



Copyright 2020, cxsecurity.com
