Elevel It Cms SQL Injection Vulnerability

2016.03.15
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

==================================================================================== # Exploit Title: Elevel It Cms SQL Injection Vulnerability # Exploit Author: Blackwolf_Iran # Date: November - December 2015 # Email: blackwolf@post.com # Vendor Homepage: http://www.elevel.it/ # OUR SITE : https://iranonymous.org/ |==================================================================================== # {INFO} # SQL Injection Vulnerability |==================================================================================== # {DORK} # intext:"Web Design By Elevel" inurl:?id= |==================================================================================== # {POC} # http://www.site.com/news.php?id=7[SQL Injection] # http://www.site.it/galleria.php?id=3[SQL Injection] # http://www.ascentproject.eu/project_forumnews.php?id=4[SQL Injection] |==================================================================================== # {DEMO} # 01: http://www.marinogiada.com/news.php?id=7 # 02: http://www.siatautomazioni.it/news_dettaglio.php?id=21 # 03: http://www.agenziaimmobiliareborghesi.com/annunci.php?id=200 # 04: http://www.libertasravenna.it/news.php?id=41 # 05: http://www.alfredolando.it/galleria.php?id=3 # 06: http://www.ascentproject.eu/project_forumnews.php?id=4 # 07: http://ravenna.azinet.it/aziende/articoli-stampati-gomma-membrane-guarnizioni/42119/link.php?id=42119 # 08: http://www.dribblingravenna.it/news.php?id=187 # 09: http://www.intermed-shipping.it/multimedia.php?id=2 # 10: www.emporiodellapietra.it/news.php?id=2 |==================================================================================== # {TNX For} # >>> Mr.khatar - Hacker Khan ; # >>> Discovered By Blackwolf_Iran |==================================================================================== The END ; Good Luck :D:D:D


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top