# Exploit Title :----------------- : JonhCMS 4.5.1 - (go.php?id) - SQL Injection # Author :------------------------ : Besim # Google Dork :---------------- :- # Date :-------------------------- : 14/10/2016 # Type :-------------------------- : webapps # Platform : -------------------- :PHP # Vendor Homepage :------- : - # Software link : -------------- : http://wmscripti.com/php-scriptler/johncms-icerik-yonetim-scripti.html ############ SQL INJECTION Vulnerabilty ############## -*-*- :Vulnerable code----------: $req = mysql_query("SELECT * FROM `cms_ads` WHERE `id` = '$id'"); -*-*- :Vulnerable parameter--: $id -*-*- :Vulnerable file------------: http://site_name/path/go.php?id=[SQL injection code]
体验盒子
