cryptoluc.org (Bitcoins MINING) - SQL injection

2018.08.22

Elsfa7-110 (EG)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit title: casio - Cross Site Scripting ( XSS ) Vulnerability 
# Date: 2018-08-22
# Exploit Author: Elsfa7-110 ( https://www.facebook.com/elsfa7110 ) 
Vendor Homepage: https://cryptoluc.org/
# Category: Web Application 
# Dork: N/A 
# ============================= 
# Description: 
SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters. 
#============================= Attack details Demo : 
https://cryptoluc.org/login
POST input login was set to 1'"
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '1' ')' at line 1
================

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

cryptoluc.org (Bitcoins MINING) - SQL injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.