Design By Julyinfo. - SQL Injection Vulnerability

2019.11.17
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-86

--------------------------------------------------------- # Exploit Title: Design By Julyinfo. - SQL Injection Vulnerability # Date: 2019-11-14 # Exploit Author: FreeBuzz Team # Vendor Homepage: http://www.websmileindia.com/ # Team Mail : Frb@tutamail.com # Tested on: Ubuntu --------------------------------------------------------- Google Dork: intext:"Design By Julyinfo" inurl:".php?id= inurl:"/mana_php/" [This admin page you can find it then browser SQL parameters in Home page] - Demo: http://www.realycorp.com.tw/works_detial.php?b_id=36[SQLi] http://www.depoan.com/news-detial.php?newId=96[SQli] https://www.twsgi.org.tw/news-detail.php?n_id=7998[SQli] http://www.unionchemical.com.tw/products_list_food.php?level1_id=10[SQli] http://www.labvolt-taiwan.com/new_info.php?b_id=24[SQLi] ---------------------------------------------------------- # Discovered by Unkn0wn[0x9a@protonmail.com] # https://github.com/0x9a # We Are : AloneGhost - VeNoM - Agent Haze - Old_One - Unkn0wn FreeBuzz Team @ 2012-2019 [FRB]


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top