8webcom Cms SQL Injection

2018.06.22

Ashiyane Digital Security Team (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: intext:"Powered By : 8webcom.com" inurl:"?id="

|===========================================================|   
|-------------------In The Name Of God----------------------|   
|   
| Exploit Title: 8webcom Cms SQL Injection
|   
| Exploit Author: Ashiyane Digital Security Team   
|   
| Vendor Homepage: http://www.8webcom.com
|   
| Google Dork : intext:"Powered By : 8webcom.com" inurl:"?id=" 
| 
| Tested on: Windows 10 ~~~> Google Chrome   
|
| vulnerable Path : Target/content.php?id=
|
| Date: 2018-06-22
|==========================================================|   
| Proof :
|    
| http://www.gmfb.in/content.php?id=6
|
| http://www.flowelgtech.com/content.php?id=14
|
| http://www.ahmedabadzoo.in/content.php?id=14
| 
| http://www.pramaautochappati.in/content.php?id=14
| 
| http://www.gujaratsafety.com/content.php?id=20
| 
| http://www.frpcoolingtower.in/content.php?id=12
|
| http://www.airkingind.com/content.php?id=19
|
| http://www.cushahcommercecollege.org/content.php?id=7
|
|============================================================|  
| Discovered By : sir shahroukh   
|============================================================| 

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

8webcom Cms SQL Injection

Dork: intext:"Powered By : 8webcom.com" inurl:"?id="

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.