EGYGRAFX Website SQL Injection

2019.05.09

Hritik R (IN)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:articles.php?id=

###################################################################

# Exploit Title : EGYGRAFX Website SQL Injection
# Author  : Hritik R
# Date : 09/05/2019
# Vendor Homepage :  http://egygrafx.com
# Tested On : Windows and Linux
# Exploit Risk : High
# Google Dorks : inurl:articles.php?id=
                 inurl:category.php?cat_id=

###################################################################
# Impact :
**********************
[+] Reveal Customers Credentials (No Hashes)
[+] Multiple Website Database
[+] Reveal Customers Details ( Name, Phone No. Email, Address,etc)

# SQL Injection Exploit :
**********************
[+] http://egygrafx.com/articles.php?id=[SQL Injection]
[+] http://egygrafx.com/category.php?cat_id=[SQL Injection]

# Example Vulnerable Sites :
*************************
[+] http://egygrafx.com/category.php?cat_id=63%27
[+] http://egygrafx.com/articles.php?id=36%27

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

EGYGRAFX Website SQL Injection

Dork: inurl:articles.php?id=

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.