2090553629
12 changes to exploits/shellcodes VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read VMware Workstation 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read Microsoft (Win 10) Internet Explorer 11.371.16299.0 - Denial Of Service Microsoft Internet Explorer 11.371.16299.0 (Windows 10) - Denial Of Service VMware Workstation 12.5.2 - Drag n Drop Use-After-Free (Pwn2Own 2017) (PoC) Chrome V8 JIT - 'AwaitedPromise' Update Bug Chrome V8 JIT - Arrow Function Scope Fixing Bug Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC Shopy Point of Sale v1.0 - CSV Injection Blog Master Pro v1.0 - CSV Injection HRSALE The Ultimate HRM v1.0.2 - CSV Injection HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross-Site Scripting HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion Linux/x86 - Bind TCP (1337/TCP) Shell + Null-Free Shellcode (92 bytes) Linux/x86 - Edit /etc/sudoers with NOPASSWD for ALL Shellcode Linux/x86 - Reverse TCP (5555/TCP) Shellcode - (73 Bytes) Linux/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes) Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access + Null-Free Shellcode (79 bytes) Linux/x86 - Reverse TCP (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes) Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode Encoded with ROT-13 + RShift-2 + XOR Encoded (44 bytes) Linux/x86 - execve(cp /bin/sh /tmp/sh; chmod +s /tmp/sh) + Null-Free Shellcode (74 bytes) Linux/x86 - execve(/bin/sh) + ROT-13 + RShift-2 + XOR Encoded Shellcode (44 bytes)
32 lines
No EOL
1,014 B
Text
32 lines
No EOL
1,014 B
Text
# Exploit Title: Shopy Point of Sale v1.0 - CSV Injection
|
|
# Date: 2018-04-23
|
|
# Exploit Author: 8bitsec
|
|
# CVE: CVE-2018-10258
|
|
# Vendor Homepage: https://codecanyon.net/
|
|
# Software Link: https://codecanyon.net/item/shopy-point-of-sales/21730225
|
|
# Version: 1.0
|
|
# Tested on: [Kali Linux 2.0 | Mac OS 10.13]
|
|
|
|
Release Date:
|
|
=============
|
|
2018-04-23
|
|
|
|
Product & Service Introduction:
|
|
===============================
|
|
Point of sale for retail stores
|
|
|
|
Technical Details & Description:
|
|
================================
|
|
|
|
A user is able to inject a command that will be included in the exported CSV file.
|
|
|
|
Proof of Concept (PoC):
|
|
=======================
|
|
|
|
1. Login with Sales user's credentials
|
|
2. Browse to Trader > Customer > New Customer and add =cmd|'/C calc'!A1 into the Customer Name field
|
|
3. Log in with admin's credentials
|
|
4. Browse to Sales > Create Invoice to create an invoice for that user
|
|
5. Browse to All Invoice > Export to download and open the exported CSV file
|
|
|
|
================== |