# Exploit Title: Matrimonial Website Script 2.1.6 - 'uid' SQL Injection
# Dork: N/A
# Date: 2018-02-03
# Exploit Author: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com
# Vendor Homepage: https://phpscriptsmall.com/product/matrimonial-website-script/
# Version: 2.1.6
# Category: Webapps
# CVE: N/A
# # # # #
# Description:
# The vulnerability allows an attacker to inject SQL commands.
# # # # #
# Proof of Concept:
http://localhost/entrepreneur/view-profile.php?uid=[SQL]
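
Added example, not part of the original advisory or the vendor's code: a log check that flags requests to view-profile.php whose uid value is not a plain integer. It assumes uid is meant to be a numeric profile id and that the web server writes combined-format access logs; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request part of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_SCRIPT = "view-profile.php"       # script named in the advisory
PARAM = "uid"                            # parameter named in the advisory
NUMERIC_ID = re.compile(r"[0-9]{1,10}")  # assumption: uid is a numeric profile id


def suspicious_uid_values(line):
    """Return the decoded uid values in one log line that are not plain integers."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/" + TARGET_SCRIPT):
        return []
    # parse_qs percent-decodes values and keeps repeated parameters as a list,
    # so a clean first uid cannot hide a second, malformed one.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not NUMERIC_ID.fullmatch(v)]


def scan(lines):
    """Return (line_number, client_ip, bad_values) for every flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        bad = suspicious_uid_values(line)
        if bad:
            hits.append((n, line.split(" ", 1)[0], bad))
    return hits


# Constructed sample log lines (not taken from a real server)
SAMPLE_LOG = [
    '203.0.113.5 - - [03/Feb/2018:10:00:01 +0000] "GET /entrepreneur/view-profile.php?uid=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [03/Feb/2018:10:00:07 +0000] "GET /entrepreneur/view-profile.php?uid=42%27 HTTP/1.1" 500 310',
    '203.0.113.9 - - [03/Feb/2018:10:00:09 +0000] "GET /entrepreneur/view-profile.php?uid=42&uid=42+OR+1%3D1 HTTP/1.1" 200 5120',
    '198.51.100.2 - - [03/Feb/2018:10:01:00 +0000] "GET /entrepreneur/search.php?uid=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Only the query string is inspected; a uid sent in a POST body does not appear in an access log and needs application-side validation or a WAF rule instead.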