News Website Script 2.0.4 - 'search' SQL Injection

EDB-ID: 44030
Author: Varun Bagaria
Published: 2018-02-13
CVE: N/A
Type: Webapps
Platform: PHP
Vulnerable App: N/A

 # Exploit Title:News Website Script - SQL Injection (Error Based) 
 # Google Dork: NA 
 # Date: 12.02.2018 
 # Exploit Author: Varun Bagaria 
 # Vendor Homepage: https://www.phpscriptsmall.com/ 
 # Software Link: *http://under24usd.com/demo/newstoday/index.php 
 # Version: 2.0.4 
 # Tested on: Windows 7 
 # Category: Webapps 
 # CVE : NA 
 ################################################################## 

 Proof of Concept 
 ================= 

 Attack Parameter : search 
 Payload : '

 Reproduction Steps: 
 ------------------------------ 
 1. Access the script 
 2. In the search bar insert ' and you will get error based SQL Injection

Source:www.exploit-db.com

News Website Script 2.0.4 - 'search' SQL Injection

Trending Articles

LAG, Lacp configuration on Mellanox switches

Karimnagar District Police Office Mobile Numbers List in Telangana State

Ifield Avenue closed following crash in Langley Green

NCERT Solutions for Class 9th Sanskrit Chapter 2 अविवेकः परमापदां पदम्

Rajasthan Board 10th Result 2016 Roll No wise & Name Wise

Black Angus Grilled Artichokes

Derbyshire jeweller and scrap gold dealer, Jonathan Haag, must pay £57,000...

BREAKING NEWS: Park Street closed off after fire

Practice Sheet of Right form of verbs for HSC Students

The 10 Tennessee Cities With The Largest Black Population For 2021

FLASHBACK WITH SIRASA FM AT GALGAMUWA 2022

Mp3 Download: Mdu - Mazola

Imitation gun was fired at motorist in Leicester road-rage incident

Ndebele names

MCKINNEY EMALINE EMMA OF WES...

Okra & Motia — The Workshop (Prod by Hammer)

Skint TV teen to be sentenced

Moondru Mudichu 19-09-2017 – Polimer tv Serial

YOSVANI JAMES Arrested by Miami-Dade County Corrections on Jan 10, 2017

Stories • Goddess Stepmom