- ########################################################################################
- # Exploit Title : Namaste Hindustan SQL Injection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 10/03/2019
- # Vendor Homepage : namastehindustan.in
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ########################################################################################
- # Impact :
- ***********
- Namaste Hindustan is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied
- data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,
- access or modify data, or exploit latent vulnerabilities in the underlying database. A remote attacker can send a
- specially crafted request to the vulnerable application and execute arbitrary SQL commands in the application's database.
- Further exploitation of this vulnerability may result in unauthorized data manipulation.
- An attacker can exploit this issue using a browser or with any SQL Injector Tool.
- ########################################################################################
- # SQL Injection Exploit :
- **********************
- /product.php?cat_id=[SQL Injection]
- /subcat.php?id=[SQL Injection]
- ########################################################################################
- # Example Vulnerable Sites :
- *************************
- [+] akbaritraders.in/product.php?cat_id=5%27
- Vulnerable IP Addresses =>
- akbaritraders.in (54.39.152.27) => There are 241 domains hosted on this server.
- namastehindustan.in (198.27.81.31) => There are 3 domains hosted on this server.
- ########################################################################################
- # Example SQL Database Error :
- ****************************
- Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean
- given in /home/akbaritraders/public_html/product.php on line 5
- ########################################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ########################################################################################
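For defenders, an added example (not part of the original advisory) that scans web access logs for requests to the two endpoints named above whose cat_id or id value is not a plain integer, such as the 5%27 probe shown. The combined log format, the sample lines and their documentation-range IP addresses are constructed, and the assumption that both parameters only ever carry integer ids is mine.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint -> parameter named in the advisory. Assumption: both carry integer ids.
WATCHED = {"/product.php": "cat_id", "/subcat.php": "id"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
INT_RE = re.compile(r"[0-9]{1,10}")

def suspicious_value(path_and_query):
    """Return (endpoint, param, decoded_value) when a watched parameter
    is anything other than a plain integer, else None."""
    parts = urlsplit(path_and_query)
    param = WATCHED.get(parts.path.lower())
    if param is None:
        return None
    # parse_qsl percent-decodes values; blank values are kept so "cat_id=" is seen.
    # Every occurrence is checked, since a repeated parameter can hide a bad value.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == param and not INT_RE.fullmatch(value):
            return parts.path, param, value
    return None

def scan(lines):
    """Return (line_number, http_status, endpoint, param, value) per finding."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        hit = suspicious_value(match.group(1))
        if hit:
            findings.append((lineno, int(match.group(2))) + hit)
    return findings

# Constructed sample log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2019:10:00:01 +0000] "GET /product.php?cat_id=5 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Mar/2019:10:00:05 +0000] "GET /product.php?cat_id=5%27 HTTP/1.1" 200 812',
    '192.0.2.10 - - [10/Mar/2019:10:00:09 +0000] "GET /subcat.php?id=12 HTTP/1.1" 200 4300',
    '203.0.113.7 - - [10/Mar/2019:10:00:11 +0000] "GET /subcat.php?id=3%27 HTTP/1.1" 200 790',
    '192.0.2.10 - - [10/Mar/2019:10:00:15 +0000] "GET /index.php?id=5%27 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Detection of this kind complements the fix in the application itself: bind cat_id and id as parameters of a prepared statement, and check the query result before fetching, which the warning above shows is not being done.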