Site designer company & sql injection - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1535492 漏洞类型
发布时间 2019-03-15 更新时间 2019-03-15
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019030123
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Exploit Title:Site designer company & SQlinjection 
# Date: 2019-03-15
# Exploit Author: Nullix Security Team | NikbinHK | Mohammad Nikbin
# Vendor Homepage:  PLUSNET.ir
# Google Dork‌ : intext:"طراحی و برنامه نویسی شرکت داده پرداز طراحان ماندگار" inurl:?id=
# Tested on: win,linux
=================================================================================
                                             [SQL injection]     

[+] Method ( Sql injection ) Nullix Security Team of IRan
[+]  parameter  : pid , cat2 , maincat , id
=================
Mode Hash : MD5 
=================
Demo:
[+] azarkandoo.com/productdetails.php?id=[SQL] parameter ======> id
[+] peikesafar.ir/mobile/tours.php?cat1=81&&cat2=[SQL] parameter ======> cat2
[+] www.njk82.com/productsshow.php?pid=[SQL]   parameter ======> pid
=================================================================================

EMail : NikbinHK@yahoo.com
Telegram ID‌ : @Orrol
Telegram Channel : @NullixTM
      

[+] TNX to ======>  Nullix Team guys