My Qingfeng SQLI Injection Vulnerability

Published: 2017.04.16
Credit: Ashiyane Digital Security Team
Risk: Medium
CWE: CWE-89
CVE: N/A
Local: No
Remote: Yes
Dork: intext:myqingfeng.cn inurl:.php?nid=

#######################################################
##################{In The Name Of God}#################
#######################################################

############################################
# Exploit Title: My Qingfeng SQLI Injection Vulnerability
# Date: Sunday, April 16, 2017
# Author: Ashiyane Digital Security Team
# Vendor Homepage : http://www.myqingfeng.cn
# Tested On : Windows 10 / Chrome
############################################

########
# Google Dork : intext:myqingfeng.cn inurl:.php?nid=
########

########
# Demo 1 : http://www.lyssy.com.cn/newsInfo.php?nid=[SQLI]
#
# Demo 2 : http://www.jzjscc.com/newsInfo.php?nid=[SQLI]
#
# Demo 3 : http://www.hnzbo.com/newsInfo.php?nid=[SQLI]
#
# Demo 4 : http://wufangjc.com/newsInfo.php?nid=[SQLI]
#
# Demo 5 : http://www.lyhjks.com/newsInfo.php?nid=[SQLI]
#
# Demo 6 : http://www.zjhtdoors.com/newsInfo.php?nid=[SQLI]
########

[+][+][+][+][+][+][+][+][+][+][+][+]

Discovered By : HackFanS

[+][+][+][+][+][+][+][+][+][+][+][+]
*=============================================================|
| Special Thanks To : Behrooz_Ice? Virangar ,H_SQLI.EMpiRe ? Ehsan Cod3r ? SeRaVo
| Und3rgr0und ? Amir.ght ? xenotix? modiret? V For Vendetta ? Alireza ? micle - H.Hemat
| r4ouf ? Net Hacker ? 4TT4CK3R ? alcol ? 1TED ? H4554N? shahroukh? Saeid_9n ? CRISIS
| Chris ? Muts ? B14CK SPID3R ? MALWaRE43 ? moh3nra021 , Sha4yan , M.R.S.L.Y - Amir Th - Cyber.Defacer
| And All Of My Friends ...
*=============================================================|
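
For operators of sites running the affected newsInfo.php, one way to check web-server access logs for tampering with the nid parameter. This is an added example, not part of the original advisory; the combined log format, the sample lines and the function name are assumptions. It flags requests whose nid is missing, repeated, or not a plain decimal integer.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; IPs, times and values are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Apr/2017:10:01:02 +0000] "GET /newsInfo.php?nid=42 HTTP/1.1" 200 5120
203.0.113.9 - - [16/Apr/2017:10:01:07 +0000] "GET /newsInfo.php?nid=42%27 HTTP/1.1" 500 312
203.0.113.9 - - [16/Apr/2017:10:01:09 +0000] "GET /newsInfo.php?nid=abc HTTP/1.1" 200 90
198.51.100.7 - - [16/Apr/2017:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 2048
198.51.100.7 - - [16/Apr/2017:10:02:03 +0000] "GET /newsInfo.php?nid=7&nid=8 HTTP/1.1" 200 4096
"""

# client, request target and status from a common/combined log line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')
# Assumption: a news id is a short decimal integer and nothing else.
NID_RE = re.compile(r"[0-9]{1,10}")


def suspicious_nid_requests(log_text, script="newsInfo.php"):
    """Return (client_ip, decoded_nid_values, status) for each request to
    `script` whose nid is missing, repeated, or not a plain integer."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qs URL-decodes values, so encoded characters are compared decoded
        values = parse_qs(url.query, keep_blank_values=True).get("nid", [])
        if not (len(values) == 1 and NID_RE.fullmatch(values[0])):
            findings.append((client, values, status))
    return findings


if __name__ == "__main__":
    for client, values, status in suspicious_nid_requests(SAMPLE_LOG):
        print(f"{client} nid={values!r} status={status}")
```

The same integer-only rule belongs in the application itself: reject any nid that fails it and pass the accepted value to the database as a bound parameter rather than concatenating it into the query.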


Copyright 2017, cxsecurity.com