PoC for Pemira Development Application SQLi Vulnerability
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
myitinos ed45cdee05 added jpg 2年前
LICENSE Initial commit 2年前
PemiraHelper.py added helper file so it can be used for all exploit 2年前
README.md Update 'README.md' 2年前
getEarlyResult.py removed NIM, you don't need it. and added both page to process at once 2年前
pvote.py moved 'NIM' parameter to GLOBAL for easier editing 2年前
shell.php.jpg added jpg 2年前
sqli.py added sqli exploit with customable SQL payload 2年前



PoC for Pemira Development Vulnerability and Bug

Just read the code...

I'm too lazy to provide documentation...

sqli.py - Closed

SQLi vulnerabilities at validate.php that enables attacker to execute arbitrary SQL code with logged in database user level access.

pvote.py - Open

Improper check at validate.php that enables panitia to vote as normal mhs (panitia shouldn't be able to vote)

getEarlyResult - Closed

Improper check at private.php that enables anyone (even without user authorization) to access voting results even before specified end time.