Des-Click 1.0.0 - Error Based SQL Injection Vulnerability

Viewers : 0

# Title: Des-Click 1.0.0 - Error Based SQL Injection Vulnerability # Date: 2020-02-09 # Author: Smog # Vendor Homepage: https://www.des-click.com/ # Tested on: Windows 10 / Linux # Versions: 1.0.0 # Vulnerable Parameter: "id_famille" (Get Method) # CVE: N/A Dorks : inurl:"mobile/produit.php?id_famille=" intext:"Copyright des-click" POC : This Error-based SQL Injection is really simple to exploit, and it can be done by everyone who knows sqlmap or manual injections. How to exploit : The main error is on the "id_famille=" parameter exploitable only by get method, that stands out an integer. This is not a blind SQLi so there will be an error showed after the execution of a milicious query, like " ' ". The server will automaticly send an error of SELECT query : SELECT id_genre FROM `*table-name*_genre_famille` WHERE id_resto=<integer> AND id_famille=<integer>' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''<integer>''' at line <line> It says that the SQL synthax is badly made because of the malicious injected payload : The query is cutted in the start because of the GET parameter you had put. More : Administration panel : localhost/admin/ (Admin password are hashed in the database) Exploit is here : localhost/mobile/produit.php?id_famille=<integer> Twitter : twitter.com/sm0g3uh

Source: Touch Me Senpai