Advertisement


Looking for a fix? Check your Codebase security with multiple scanners from Scanmycode.today


Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019030123

Below is a copy:

Site designer company & sql injection
# Exploit Title:Site designer company & SQlinjection 
# Date: 2019-03-15
# Exploit Author: Nullix Security Team | NikbinHK | Mohammad Nikbin
# Vendor Homepage:  PLUSNET.ir
# Google Dork : intext:"        " inurl:?id=
# Tested on: win,linux
=================================================================================
                                             [SQL injection]     

[+] Method ( Sql injection ) Nullix Security Team of IRan
[+]  parameter  : pid , cat2 , maincat , id
=================
Mode Hash : MD5 
=================
Demo:
[+] azarkandoo.com/productdetails.php?id=[SQL] parameter ======> id
[+] peikesafar.ir/mobile/tours.php?cat1=81&&cat2=[SQL] parameter ======> cat2
[+] www.njk82.com/productsshow.php?pid=[SQL]   parameter ======> pid
=================================================================================

EMail : [email protected]
Telegram ID : @Orrol
Telegram Channel : @NullixTM
      

[+] TNX to ======>  Nullix Team guys

Copyright ©2019 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.