| ଶୀର୍ଷକ | MINMAX – SQL Injection vulnerability |
|---|
| ବର୍ଣ୍ଣନା | #Exploit Title: MINMAX – SQL Injection vulnerability
#Exploit Author: Mostafa Farzaneh
#Vendor Homepage: https://minmax.biz
#Google Dork: "Designed by MINMAX"
#Category:webapps
#Tested On: windows 10, Firefox
#Software Link : https://minmax.biz
#CWE: CWE-89
Proof of Concept:
1-Search google Dork: "Designed by MINMAX"
Demo: https://www.dama.com.tw/newsDia.php?d=19 [Sql Injection vulnerability]
Demo: https://www.sunnybeautyclinic.com.tw/newsDia.php?cls=N000001&id=93 [Sql Injection vulnerability]
Demo: https://www.niken.com.tw/newsDia.php?id=94 [Sql Injection vulnerability]
*********************************************************
#Discovered by: Mostafa Farzaneh from PywebSecurity Team
#Telegram: @pyweb_security
********************************************************* |
|---|
| ଉତ୍ସ | ⚠️ https://minmax.biz |
|---|
| ଉପଭୋକ୍ତା | pyweb-security (UID 11883) |
|---|
| ଦାଖଲ | 08/14/2020 04:25 PM (6 ବର୍ଷ ବର୍ଷ ago) |
|---|
| ମଧ୍ୟମ ଧରଣର | 08/17/2020 08:09 AM (3 days later) |
|---|
| ସ୍ଥିତି | ଗ୍ରହଣ କରାଯାଇଛି |
|---|
| VulDB ଏଣ୍ଟ୍ରି | 159957 [MINMAX /newsDia.php ID SQL ଇଞ୍ଜେକ୍ସନ] |
|---|
| ପଏଣ୍ଟ | 17 |
|---|