dea52f68f5
8 new exploits Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow (PoC) Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow VMware vSphere Data Protection 5.x/6.x - Java Deserialization EFS Easy Chat Server 3.1 - Buffer Overflow (SEH) IPFire 2.19 - Remote Code Execution eCom Cart 1.3 - SQL Injection EFS Easy Chat Server 3.1 - Password Disclosure EFS Easy Chat Server 3.1 - Password Reset PaulShop - SQL Injection
14 lines
No EOL
522 B
Text
Executable file
14 lines
No EOL
522 B
Text
Executable file
# Exploit Title: [PaulShop CMS <= 2017-03-25 Sql Injection]
|
|
# Date: [10-06-2017]
|
|
# Exploit Author: [Se0pHpHack3r]
|
|
# Vendor Homepage: [https://codecanyon.net/item/paulshop-cms-with-shopping-cart-system/18070714]
|
|
# Version: [2017-03-25]
|
|
|
|
1. Description
|
|
|
|
SQL Injection on Shipping Cost page in Cart, with "country" & "weight" parameter (GET)
|
|
|
|
2. Examples
|
|
|
|
http://localhost/shop/en/cart/shipping_cost?country=[SQL INJECTION HERE]
|
|
http://localhost/shop/en/cart/shipping_cost?country=TH&weight=[SQL INJECTION HERE] |