Mushoq websites get SQL injection

2015.11.29
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Mushoq websites get SQL injection # Google Dork: inurl:"index.php?idSeccion=" # Vulnerable parameter : idSeccion # Date: 29-11-2015 # Exploit Author: Timoumi Houcem # Contact: www.facebook.com/houcem.radikali # Version: all versions # Tested on: kali linux OS,iceweasel browser # EXAMPLE : http://www.briggs.com.ec/index.php?idSeccion=21 # EXPLOIT : all websites powered by mushoq company are vulnerable to sql injection by GET method, some websites are protected by WAF, but we can bypass it and dump databases.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top