bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/webapps/49150.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

26 lines
No EOL
942 B
Text
Raw Blame History

# Exploit Title: Under Construction Page with CPanel 1.0 - SQL injection
# Date: 17-11-2020
# Exploit Author: Mayur Parmar(th3cyb3rc0p)
# Vendor Homepage: http://egavilanmedia.com
# Software Link : http://egavilanmedia.com/under-construction-page-with-cpanel/
# Version: 1.0
# Tested on: PopOS
SQL Injection:
SQL injection is a web security vulnerability that allows an attacker
to alter the SQL queries made to the database. This can be used to
retrieve some sensitive information, like database structure, tables,
columns, and their underlying data.
Attack Vector:
An attacker can gain admin panel access using malicious sql injection queries.
Steps to reproduce:
1. Open admin login page using following URl:
-> http://localhost/Under%20Construction/admin/login.php
2. Now put below Payload in both the fields( User ID & Password)
Payload: admin' or '1'='1
3. Server accepted our payload and we bypassed cpanel without any
credentials
Reference in a new issue View git blame Copy permalink