PoC for Pemira Development Application SQLi Vulnerability
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
 
myitinos ed45cdee05 added jpg il y a 2 ans
LICENSE Initial commit il y a 2 ans
PemiraHelper.py added helper file so it can be used for all exploit il y a 2 ans
README.md Update 'README.md' il y a 2 ans
getEarlyResult.py removed NIM, you don't need it. and added both page to process at once il y a 2 ans
pvote.py moved 'NIM' parameter to GLOBAL for easier editing il y a 2 ans
shell.php.jpg added jpg il y a 2 ans
sqli.py added sqli exploit with customable SQL payload il y a 2 ans

README.md

pemira-atk

PoC for Pemira Development Vulnerability and Bug

Just read the code...

I'm too lazy to provide documentation...

sqli.py - Closed

SQLi vulnerabilities at validate.php that enables attacker to execute arbitrary SQL code with logged in database user level access.

pvote.py - Open

Improper check at validate.php that enables panitia to vote as normal mhs (panitia shouldn't be able to vote)

getEarlyResult - Closed

Improper check at private.php that enables anyone (even without user authorization) to access voting results even before specified end time.