cryptoluc.org (Bitcoins MINING) - SQL injection

2018.08.22
eg Elsfa7-110 (EG) eg
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit title: casio - Cross Site Scripting ( XSS ) Vulnerability # Date: 2018-08-22 # Exploit Author: Elsfa7-110 ( https://www.facebook.com/elsfa7110 ) Vendor Homepage: https://cryptoluc.org/ # Category: Web Application # Dork: N/A # ============================= # Description: SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters. #============================= Attack details Demo : https://cryptoluc.org/login POST input login was set to 1'" You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '1' ')' at line 1 ================


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top