Become a patron and gain access to the dashboard, Schedule scans, API and Search patron
"Under Construction Page with CPanel 1.0 - SQL injection"
Author
"Mayur Parmar"
Platform
multiple
Release date
2020-12-02
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | # Exploit Title: Under Construction Page with CPanel 1.0 - SQL injection # Date: 17-11-2020 # Exploit Author: Mayur Parmar(th3cyb3rc0p) # Vendor Homepage: http://egavilanmedia.com # Software Link : http://egavilanmedia.com/under-construction-page-with-cpanel/ # Version: 1.0 # Tested on: PopOS SQL Injection: SQL injection is a web security vulnerability that allows an attacker to alter the SQL queries made to the database. This can be used to retrieve some sensitive information, like database structure, tables, columns, and their underlying data. Attack Vector: An attacker can gain admin panel access using malicious sql injection queries. Steps to reproduce: 1. Open admin login page using following URl: -> http://localhost/Under%20Construction/admin/login.php 2. Now put below Payload in both the fields( User ID & Password) Payload: admin' or '1'='1 3. Server accepted our payload and we bypassed cpanel without any credentials |
| Release Date | Title | Type | Platform | Author |
|---|---|---|---|---|
| 2020-12-02 | "Under Construction Page with CPanel 1.0 - SQL injection" | webapps | multiple | "Mayur Parmar" |
| 2020-11-25 | "WonderCMS 3.1.3 - 'page' Persistent Cross-Site Scripting" | webapps | php | "Mayur Parmar" |
| 2020-11-16 | "User Registration & Login and User Management System 2.1 - Login Bypass SQL Injection" | webapps | php | "Mayur Parmar" |
| 2020-08-18 | "Savsoft Quiz 5 - Stored Cross-Site Scripting" | webapps | php | "Mayur Parmar" |
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/49150/?format=json')
For full documentation follow the link above