Phenix Education Sql injection vulnerability
| Author: indoushka | , Published: 25-08-2017 |
========================================================================
| # Title : Phenix Education Sql injection vulnerability
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Tested on : windows 8.1 Français V.(Pro)
| # Version : 2
| # Vendor : https://www.phenixeducation.co.uk/ / http://www.oakridge.staffs.sch.uk/oakridge.zip
| # Dork : n/a
========================================================================
http://www.oakridge.staffs.sch.uk/admin/global.php?PageID=17 <= inject here
http://www.oakridge.staffs.sch.uk/admin/
Upload :
https://www.phenixeducation.co.uk/admin/js/plugin/ckfinder/ckfinder.html
poc:
https://www.phenixeducation.co.uk/admin/ckfinder/userfiles/images/poc.gif
Greetz : ⵏⴻⴽⴽⴰⴰ ⵙⴰⵍⴰⵀ ⴻⴷⴷⵉⵏⴻ------ⵯⵉⵯⴰ ⴰⵎⴰⵣⵉⴳⴻⵏ-------- ⵎⴰⵅⵡⴻⵍⵍ ⵛⴰⵛⵀⴷoⵍⵍⴰⵔ ------
|
jericho * Larry W. Cashdollar * moncet-1 * Shadow_00715 |
|
===================== pⴰⵛⴽⴻⵜ ⵙⵜoⵔⵎ ⵙⴻⵛⵓⵔⵉⵜⵢ =============================
Like us on Facebook :