# # Exploit Title: PHP Scripts - Theater Management Script - SQL Injection # Dork: inurl:show-time.php?moid= # Date: 18.08.2017 # Vendor Homepage : http://www.exclusivescript.com/product/8o2b4417538/php-scripts/theater-management-script # Version: 3.1.5 # Category: Webapps # Tested on: WiN10_x64 / KaLiLinux_x64 # CVE: N/A # # # # # # # # # # # # # # # Exploit Author: AnGrY BoY # Author Web: http://www.h4kurd.com # Author E-Mail: h4kurd@yahoo.com # # # # # # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/show-time.php?moid=[SQL] # # # Iranian Exploit DataBase = http://IeDb.Ir [2017-08-21]