ad97ff4198
3 changes to exploits/shellcodes SCO OpenServer 5.0.7 - MMDF deliver Privilege Escalation Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Local Privilege Escalation Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Local Privilege Escalation (2) Linux Kernel 2.4/2.6 - 'sock_sendpage()' Local Privilege Escalation (3) SCO Multi-channel Memorandum Distribution Facility - Multiple Vulnerabilities Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution FusionPBX 4.4.8 - Remote Code Execution Inventory Webapp - 'itemquery' SQL injection Linux/x86 - TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes)
37 lines
No EOL
697 B
Text
37 lines
No EOL
697 B
Text
# Exploit Title: Inventory Webapp SQL injection
|
|
# Data: 05.09.2019
|
|
# Exploit Author: mohammad zaheri
|
|
# Vendor HomagePage: https://github.com/edlangley/inventory-webapp
|
|
# Tested on: Windows
|
|
# Google Dork: N/A
|
|
|
|
|
|
=========
|
|
Vulnerable Page:
|
|
=========
|
|
/php/add-item.php
|
|
|
|
|
|
==========
|
|
Vulnerable Source:
|
|
==========
|
|
Line39: $name = $_GET["name"];
|
|
Line39: $description = $_GET["description"];
|
|
Line39: $quantity = $_GET["quantity"];
|
|
Line39: $cat_id = $_GET["cat_id"];
|
|
Line49: if(mysql_query($itemquery, $conn))
|
|
|
|
|
|
|
|
=========
|
|
POC:
|
|
=========
|
|
http://site.com/php/add-item.php?itemquery=[SQL]
|
|
|
|
|
|
|
|
=========
|
|
Contact Me :
|
|
=========
|
|
Telegram : @m_zhrii
|
|
Email : neoboy503@gmail.com |