# Exploit Title: Client Management System 1.1 - 'Search' SQL Injection # Date: 14 June 2021 # Exploit Author: BHAVESH KAUL # Vendor Homepage: https://phpgurukul.com # Software Link: https://phpgurukul.com/client-management-system-using-php-mysql/ # Version: 1.1 # Tested on: Server: XAMPP # Description # Client Management System 1.1 is vulnerable to SQL Injection in the admin panel 'search invoices' field because of insufficient user supplied data sanitization. # Proof of Concept (PoC) : Exploit # 1) Goto: http://localhost/clientms/admin/index.php 2) Login as admin using test credentials: admin/Test@123 3) Goto: http://localhost/clientms/admin/search-invoices.php 4) Enter the following payload in the search field: ' OR 'x'='x 5) All results are showed instead of none ==> SQL Injection success
Entradas
# Exploit Title: CKEditor 3 - Server-Side Request Forgery (SSRF) # Google Dorks : inurl /editor/filemanager/connectors/uploadtest.html # Date: 12-6-2021 # Exploit Author: Blackangel # Software Link: https://ckeditor.com/ # Version:all version under 4 (1,2,3) # Tested on: windows 7 Steps of Exploit:- 1-using google dorks inurl /editor/filemanager/connectors/uploadtest.html 2-after going to vulnerable page you will find filed “Custom Uploader URL: ” 3-right click then choose inspect element, click on pick an element from the page , select field Custom Uploader URL: 4-in elements “<input id=”txtCustomUrl” style=”WIDTH: 100%; BACKGROUND-COLOR: #dcdcdc” disabled=”” type=”text”>” delete disabled=”” 5-now you can put url start with any protocal 6-send it to the server as you see website that you have entered link is appear into page . what this mean??!!1 you send request to server using vulnerable website you can said i used it as proxy hackers ...
juan sebastian castillo
Símbolo Alt+abcd Símbolo Alt+abcd ☺ Alt- 1 ☻ Alt- 2 ♥ Alt- 3 ♦ Alt- 4 ♣ Alt- 5 ♠ Alt- 6 ● Alt- 7 ◘ Alt- 8 ○ Alt- 9 ◙ Alt- 10 ♂ Alt- 11 ♀ Alt- 12 ♪ Alt- 13 ♫ Alt- 14 ☼ Alt- 15 ► Alt- 16 ◄ Alt- 17 ↕ Alt- 18 ‼ Alt- 19 ¶ Alt- 20 § Alt- 21 ▬ Alt- 22 ↨ Alt- 23 ↑ Alt- 24 ↓ Alt- 25 → Alt- 26 ← Alt- 27 ∟ Alt- 28 ↔ Alt- 29 ▲ Alt- 30 ▼ Alt- 31 espacio Alt- 32 ! Alt- 33 " Alt- 34 # Alt- 35 $ Alt- 36 % Alt- 37 & Alt- 38 ' Alt- 39 ( Alt- 40 ) Alt- 41 * Alt- 42 + Alt- 43 , Alt- 44 - Alt- 45 . Alt- 46 / Alt- 47 0 Alt- 48 1 Alt- 49 2 Alt- 50 3 Alt- 51 4 Alt- 52 5 Alt- 53 6 Alt- 54 7 Alt- 55 8 Alt- 56 9 Alt- 57 : Alt- 58 ; Alt- 59 < Alt- 60 = Alt- 61 > Alt- 62 ? Alt- 63 @ Alt- 64 A Alt- 65 B Alt- 66 C Alt- 67 D Alt- 68 E Alt- 69 F Alt- 70 G Alt- 71 H Alt- 72 I Alt- 73 J Alt- 74 K Alt- 75 L Alt- 76 M Alt- 77 N Alt- 78 O Alt- 79 P Alt- 80 Q Alt- 81 R Alt- 82 S Alt- 83 T Alt- 84 U Alt- 85 V Alt- 86 W Alt- 87 X Alt- 88 Y Alt- 89 Z Alt- 90 [ Alt- 91 \ Alt- 92 ] Alt- 93 ^ Alt- 94 _ Alt- 9...