MyCustomers CMS 1.3.873 – SQL Injection

Exploit Database
60 阅读

作者： Persian Hack Team

日期： 2015-11-30
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/38830/

######################
# Exploit Title : MyCustomers Cms Sql Injection Vulnerability
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.iran-php.com/
# Google Dork : "Powered By IranPHP" & inurl:/index.php?DPT=IP17 & "Powered+by+MyCustomers-1.3.873"
# Date: 2015/11/28
# Version :1.3
# 
######################
# Vulnerable Paramter DPT=
# Demo:
# http://server/index.php?DPT=IP17%27
#
# Youtube : https://www.youtube.com/watch?v=43DVOq5L2hw
#
# We reported to vendor but Anyone not responsive
# It's not joke
# We do not take responsibility
#
######################
# Discovered by : 
# Mojtaba MobhaM & T3NZOG4N (t3nz0g4n@yahoo.com)
######################

last Exploits
MyCustomers CMS 1.3.873 – SQL Injection的更多信息

PBBoard – ‘member_id’ Validation Password Manipulation：
Pre Web Host System – Authentication Bypass：
CmyDocument – Multiple Cross-Site Scripting Vulnerabilities：
Tapatalk for vBulletin 4.x – Blind SQL Injection：
Snif 1.5.2 – Any Filetype Download：
Joomla! Component Picture Calendar for Joomla! 3.1.4 – Directory Traversal：
HP Insight Diagnostics Online Edition 8.4 – ‘survey.php?category’ Cross-Site Scripting：
Sickbeard 0.1 – Remote Command Injection：