
Phenix Education SQL injection vulnerability

Author: indoushka, Published: 25-08-2017
========================================================================
| # Title : Phenix Education SQL injection vulnerability
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Tested on : Windows 8.1 Français V.(Pro)
| # Version : 2
| # Vendor : https://www.phenixeducation.co.uk/ / http://www.oakridge.staffs.sch.uk/oakridge.zip
| # Dork : n/a
========================================================================

http://www.oakridge.staffs.sch.uk/admin/global.php?PageID=17 <= inject here

http://www.oakridge.staffs.sch.uk/admin/

Upload :

https://www.phenixeducation.co.uk/admin/js/plugin/ckfinder/ckfinder.html

poc:

https://www.phenixeducation.co.uk/admin/ckfinder/userfiles/images/poc.gif

Greetz : ⵏⴻⴽⴽⴰⴰ ⵙⴰⵍⴰⵀ ⴻⴷⴷⵉⵏⴻ------ⵯⵉⵯⴰ ⴰⵎⴰⵣⵉⴳⴻⵏ-------- ⵎⴰⵅⵡⴻⵍⵍ ⵛⴰⵛⵀⴷoⵍⵍⴰⵔ ------
|
jericho * Larry W. Cashdollar * moncet-1 * Shadow_00715 |
|
===================== pⴰⵛⴽⴻⵜ ⵙⵜoⵔⵎ ⵙⴻⵛⵓⵔⵉⵜⵢ =============================
