cd868436ff
25 changes to exploits/shellcodes Realterm Serial Terminal 2.0.0.70 - Denial of Service Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH) NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC) Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers qdPM 9.1 - 'type' Cross-Site Scripting qdPM 9.1 - 'search[keywords]' Cross-Site Scripting Master IP CAM 01 3.3.4.2103 - Remote Command Execution MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module CMSsite 1.0 - 'post' SQL Injection M/Monit 3.7.2 - Privilege Escalation Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload Apache CouchDB 2.3.0 - Cross-Site Scripting ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting Comodo Dome Firewall 2.7.0 - Cross-Site Scripting Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes) macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes) macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)
26 lines
No EOL
1.2 KiB
Text
26 lines
No EOL
1.2 KiB
Text
===========================================================================================
|
|
# Exploit Title: Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload
|
|
# Dork: N/A
|
|
# Date: 10-02-2019
|
|
# Exploit Author: Mehmet EMIROGLU
|
|
# Vendor Homepage: https://sourceforge.net/projects/webinessinventory/files/
|
|
# Software Link: https://sourceforge.net/projects/webinessinventory/files/
|
|
# Version: 2.3
|
|
# Category: Webapps
|
|
# Tested on: Wamp64, Windows
|
|
# CVE: CVE-2019-8404
|
|
# Software Description: Small stock inventory managment application for web.
|
|
===========================================================================================
|
|
# POC:
|
|
# Sign in to admin panel. then go to the inventory tab.
|
|
Switch to the products tab and create a new product.
|
|
In product image, click the browse button and select a file.
|
|
https://i.hizliresim.com/OvrOOn.jpg
|
|
When you save the product, the script is loaded with the error file to
|
|
the server.
|
|
for example service unvailable
|
|
https://i.hizliresim.com/zjGqD4.jpg
|
|
path to the file we uploaded
|
|
https://i.hizliresim.com/XMbpp5.jpg
|
|
# http://localhost/[PATH]/runtime/ProductModel/[FILE]
|
|
=========================================================================================== |