Read Time:24 Second

Posted by Andrey Stoykov on Jun 09

# Exploit Title: FengOffice – Blind SQL Injection
# Date: 06/2024
# Exploit Author: Andrey Stoykov
# Version: 3.11.1.2
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html

Steps to Reproduce:

1. Login to application
2. Click on “Workspaces”
3. Copy full URL
4. Paste the HTTP GET request into text file
5. Set the injection point to be in the “dim” parameter…

Read More