MyCustomers 1.3.873 SQL Injection

2015.11.29
Credit: Persian Hack Team
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: "Powered By IranPHP" & inurl:/index.php?DPT=IP17 & "Powered+by+MyCustomers-1.3.873"

###################### # Exploit Title : MyCustomers Cms Sql Injection Vulnerability # Exploit Author : Persian Hack Team # Vendor Homepage : http://www.iran-php.com/ # Google Dork : "Powered By IranPHP" & inurl:/index.php?DPT=IP17 & "Powered+by+MyCustomers-1.3.873" # Date: 2015/11/28 # Version : 1.3 # ###################### # Vulnerable Paramter DPT= # Demo: # http://www.savehagahi.ir/index.php?DPT=IP17%27 # # Youtube : https://www.youtube.com/watch?v=43DVOq5L2hw # # We reported to vendor but Anyone not responsive # It's not joke # We do not take responsibility # ###################### # Discovered by : # Mojtaba MobhaM & T3NZOG4N (t3nz0g4n@yahoo.com) ######################

References:

https://www.youtube.com/watch?v=43DVOq5L2hw


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top