DB: 2020-12-09

2 changes to exploits/shellcodes

Online Bus Ticket Reservation 1.0 - SQL Injection
Employee Performance Evaluation System 1.0 - 'Task and Description' Persistent Cross Site Scripting
This commit is contained in:
Offensive Security 2020-12-09 05:01:56 +00:00
parent 9dd5a95a94
commit 78d4c26b55
3 changed files with 39 additions and 0 deletions

@ -0,0 +1,20 @@
# Exploit Title: Online Bus Ticket Reservation 1.0 - SQL Injection
# Date: 2020-12-07
# Exploit Author: Sakshi Sharma
# Vendor Homepage: https://www.sourcecodester.com/php/5012/online-bus-ticket-reservation-using-phpmysql.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/busreservation.zip
# Version: 1.0
# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
#Vulnerable Page: admin page
#Exploit
Open the Application
check the URL:
http://localhost/busreservation/index.php
Open Admin Login
Enter username: 'or"='
Enter password: 'or"='
click on login
The SQL payload gets executed and authorization is bypassed successfully
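Review bot: the header's "Vulnerable Page: admin page" does not name the login script or the request parameters involved, so a defender cannot tell which code path to patch; the entry should state the root cause that the bypass implies (the submitted username and password are concatenated into the SQL query) and the fix (prepared statements with bound parameters plus server-side validation of the login fields). Two header lines also break the file's own convention: "#Vulnerable Page:" and "#Exploit" are missing the space after "#" that every other field uses, and there is no CVE or vendor fix reference, so "N/A" should be recorded explicitly rather than omitted.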

@ -0,0 +1,17 @@
# Exploit Title: Employee Performance Evaluation System 1.0 - ' Task and Description' Persistent Cross Site Scripting
# Date: 08/12/2020
# Exploit Author: Ritesh Gohil
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14617/employee-performance-evaluation-system-phpmysqli-source-code.html
# Version: 1.0
# Tested on: Windows 10/Kali Linux
Steps to Reproduce:
1) Login with Admin Credentials and click on 'Task' button.
2) Click on Add New Task Button.
3) Now add the following payload input field of Task and Description
Payload: ritesh"><img src=x onerror=alert(document.domain)>
4) Click On Save
5) XSS payload is triggered.
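Review bot: the Date field reads "08/12/2020" while the other added file and files.csv use ISO "YYYY-MM-DD"; it should be "2020-12-08" to avoid day/month ambiguity. The Vendor Homepage is the generic sourcecodester.com root rather than the product page (that URL sits in Software Link), and the title carries a stray space in "' Task and Description'" that the files.csv row does not. The steps never say which page renders the stored Task and Description values back without encoding, nor the remediation (context-aware output encoding on render and input validation on save), both of which a defender reading this entry needs.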

@ -43434,3 +43434,5 @@ id,file,description,date,author,type,platform,port
49204,exploits/php/webapps/49204.txt,"Cyber Cafe Management System Project (CCMS) 1.0 - Persistent Cross-Site Scripting",2020-12-07,"Pruthvi Nekkanti",webapps,php,
49208,exploits/php/webapps/49208.txt,"Savsoft Quiz 5 - 'Skype ID' Stored XSS",2020-12-07,"Dipak Panchal",webapps,php,
49209,exploits/php/webapps/49209.txt,"vBulletin 5.6.3 - 'group' Cross Site Scripting",2020-12-07,Vincent666,webapps,php,
49212,exploits/php/webapps/49212.txt,"Online Bus Ticket Reservation 1.0 - SQL Injection",2020-12-08,"Sakshi Sharma",webapps,php,
49215,exploits/php/webapps/49215.txt,"Employee Performance Evaluation System 1.0 - 'Task and Description' Persistent Cross Site Scripting",2020-12-08,"Ritesh Gohil",webapps,php,
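Review bot: the date recorded for 49212 (2020-12-08) does not match the Date header in the added file (2020-12-07), and 49215's file header "08/12/2020" only agrees with the CSV's 2020-12-08 if read day-first; one side should be corrected so the index and the exploit files agree. The title for 49215 is also spelled differently in the two places ("'Task and Description'" here, "' Task and Description'" in the file), and the new rows write "Cross Site Scripting" where the 49204 row in the same hunk uses "Cross-Site Scripting"; pick one form for searchability.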
