| 标题 | MINMAX – SQL Injection vulnerability |
|---|
| 描述 | #Exploit Title: MINMAX – SQL Injection vulnerability
#Exploit Author: Mostafa Farzaneh
#Vendor Homepage: https://minmax.biz
#Google Dork: "Designed by MINMAX"
#Category:webapps
#Tested On: windows 10, Firefox
#Software Link : https://minmax.biz
#CWE: CWE-89
Proof of Concept:
1-Search google Dork: "Designed by MINMAX"
Demo: https://www.dama.com.tw/newsDia.php?d=19 [Sql Injection vulnerability]
Demo: https://www.sunnybeautyclinic.com.tw/newsDia.php?cls=N000001&id=93 [Sql Injection vulnerability]
Demo: https://www.niken.com.tw/newsDia.php?id=94 [Sql Injection vulnerability]
*********************************************************
#Discovered by: Mostafa Farzaneh from PywebSecurity Team
#Telegram: @pyweb_security
********************************************************* |
|---|
| 来源 | ⚠️ https://minmax.biz |
|---|
| 用户 | pyweb-security (UID 11883) |
|---|
| 提交 | 2020-08-14 16時25分 (6 年前) |
|---|
| 管理 | 2020-08-17 08時09分 (3 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 159957 [MINMAX /newsDia.php 标识符 SQL注入] |
|---|
| 积分 | 17 |
|---|