8webcom Cms SQL Injection

2018.06.22

Ashiyane Digital Security Team (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: intext:"Powered By : 8webcom.com" inurl:"?id="

|===========================================================|
|-------------------In The Name Of God----------------------|
|
| Exploit Title: 8webcom Cms SQL Injection
|
| Exploit Author: Ashiyane Digital Security Team
|
| Vendor Homepage: http://www.8webcom.com
|
| Google Dork : intext:"Powered By : 8webcom.com" inurl:"?id="
|
| Tested on: Windows 10 ~~~> Google Chrome
|
| vulnerable Path : Target/content.php?id=
|
| Date: 2018-06-22
|==========================================================|
| Proof :
|
| http://www.gmfb.in/content.php?id=6
|
| http://www.flowelgtech.com/content.php?id=14
|
| http://www.ahmedabadzoo.in/content.php?id=14
|
| http://www.pramaautochappati.in/content.php?id=14
|
| http://www.gujaratsafety.com/content.php?id=20
|
| http://www.frpcoolingtower.in/content.php?id=12
|
| http://www.airkingind.com/content.php?id=19
|
| http://www.cushahcommercecollege.org/content.php?id=7
|
|============================================================|
| Discovered By : sir shahroukh
|============================================================| 

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

8webcom Cms SQL Injection

Dork: intext:"Powered By : 8webcom.com" inurl:"?id="

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.