Home / os / blackberry

LY Website CMS SQL Injection

Posted on 18 August 2014

[+] Title: LY Website CMS Sql Injection vulnerability [+] Date: 2014-08-15 [+] Author: Iran Security Group [+] Vendor Homepage: http://www.lywebsite.com/ [+] Tested on: Windows7 & Kali Linux [+] Vulnerable Files: /pro.php [+} Dork : inurl:/pro.php?CateId= intext:"Power By LY Website" ### POC: http://site/pro.php?CateId=[sqli] ### Demo: http://www.bypipefittings.com/pro.php?CateId=20%27 http://www.top1rc.com/pro.php?CateId=150%27 ### Credits: [+] Special Thanks: Root SmasheR, Hekt0r, Mr.Moein,Umpire, ALIREZA_PROMIS Social Engineer, Ali Ahmady, Saeed.Jok3r,M4hdi Vahid Hacker, BlackErroR, Phantom.S3c And All members of Iran Security Group [+] iransec.net

 

TOP