PHPBasket 4.0 - SQL Injection Vulnerability


[o] PHPBasket 4.0 SQL Injection Vulnerability
Software : PHPBasket version 4.0
Vendor : http://www.phpbasket.com/
Author : NoGe


[o] Vulnerable file
product.php


[o] Exploit
http://localhost/[path]/product.php?cat_id=[sql]


[o] Dork
"Powered by PHPBasket"

