f49abcf00f
13 new exploits Linux Kernel 4.6.3 - Netfilter Privilege Escalation (Metasploit) Linux Kernel 4.6.3 - 'Netfilter' Privilege Escalation (Metasploit) ASLDRService ATK Hotkey 1.0.69.0 - Unquoted Service Path Privilege Escalation Thatware 0.4.6 - SQL Injection InsOnSrv Asus InstantOn 2.3.1.1 - Unquoted Service Path Privilege Escalation Simple Blog PHP 2.0 - Multiple Vulnerabilities Simple Blog PHP 2.0 - SQL Injection Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access /etc/shadow) Linux Kernel (Ubuntu 14.04.3) - 'perf_event_open()' Can Race with execve() (Access /etc/shadow) Simple PHP Blog 0.8.4 - (Add Admin) Cross-Site Request Forgery Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin) miniblog 1.0.1 - (Add New Post) Cross-Site Request Forgery miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post) PHP Press Release - (Add Admin) Cross-Site Request Forgery PHP Press Release - Cross-Site Request Forgery (Add Admin) Maian Weblog 4.0 - (Add New Post) Cross-Site Request Forgery Spacemarc News - (Add New Post) Cross-Site Request Forgery Maian Weblog 4.0 - Cross-Site Request Forgery (Add New Post) Spacemarc News - Cross-Site Request Forgery (Add New Post) BirdBlog 1.4.0 - (Add New Post) Cross-Site Request Forgery phpEnter 4.2.7 - (Add New Post) Cross-Site Request Forgery BirdBlog 1.4.0 - Cross-Site Request Forgery (Add New Post) phpEnter 4.2.7 - Cross-Site Request Forgery (Add New Post) ApPHP MicroBlog 1.0.2 - (Add New Author) Cross-Site Request Forgery ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author) ApPHP MicroCMS 3.9.5 - (Add Admin) Cross-Site Request Forgery ApPHP MicroCMS 3.9.5 - Cross-Site Request Forgery (Add Admin) ATKGFNEXSrv ATKGFNEX 1.0.11.1 - Unquoted Service Path Privilege Escalation VOX Music Player 2.8.8 - '.pls' Denial of Service IObit Malware Fighter 4.3.1 - Unquoted Service Path Privilege Escalation Colorful Blog - Stored Cross Site Scripting Colorful Blog - Cross-Site Request Forgery (Change Admin Password) Hotspot Shield 6.0.3 - Unquoted Service Path Privilege Escalation RSS News AutoPilot Script 1.0.1 / 3.1.0 - Admin Panel Authentication Bypass JonhCMS 4.5.1 - SQL Injection
22 lines
762 B
Text
Executable file
22 lines
762 B
Text
Executable file
# Exploit Title :----------------- : Thatware 0.4.6 - (friend.php) - SQL Injection
|
|
# Author :------------------------ : Besim
|
|
# Google Dork :---------------- : -
|
|
# Date :-------------------------- : 13/10/2016
|
|
# Type :-------------------------- : webapps
|
|
# Platform : -------------------- : PHP
|
|
# Vendor Homepage :------- : -
|
|
# Software link : -------------- : https://www.exploit-db.com/apps/13132b3e0eaeffc3fad55fded9e5bdc6-thatware_0.4.6.tar.gz
|
|
|
|
|
|
############################ SQL INJECTION Vulnerabilty ############################
|
|
|
|
*-* Code *-*
|
|
|
|
include ("header.php");
|
|
$result=mysql_query("select title from stories where sid=$sid")
|
|
|
|
*-* Vulnerable parameter-: $sid
|
|
|
|
*-* File-----------------: friend.php?sid=(SQL inj)
|
|
|
|
|