Thatware 0.4.6 SQL Injection
Posted on 14 October 2016
# Exploit Title :----------------- : Thatware 0.4.6 - (friend.php) - SQL Injection # Author :------------------------ : Besim # Google Dork :---------------- : - # Date :-------------------------- : 13/10/2016 # Type :-------------------------- : webapps # Platform : -------------------- : PHP # Vendor Homepage :------- : - # Software link : -------------- : https://www.exploit-db.com/apps/13132b3e0eaeffc3fad55fded9e5bdc6-thatware_0.4.6.tar.gz ############################ SQL INJECTION Vulnerabilty ############################ *-* Code *-* include ("header.php"); $result=mysql_query("select title from stories where sid=$sid") *-* Vulnerable parameter-: $sid *-* File-----------------: friend.php?sid=(SQL inj)