Zomato: [www.zomato.com] Boolean SQLi - /███████.php

@gerbenjavado found that the parameter brids which was a JSON array was vulnerable to boolean SQL injection. POC Requesting MID0x352e362e33332d6c6f67,1,1//LIKE//5 hex == @@version resulted in a 500 HTTP status and MID0x352e362e33332d6c6f67,1,1//LIKE//4 resulted in a 200 HTTP status. Showing that...

Zomato: [www.zomato.com] Boolean SQLi - /█████.php

@gerbenjavado found that the parameter entityid was vulnerable to SQLi on endpoint /████.php using a Boolean technique. POC The POC uses ifmid@@version,1,1=5 which returns a 200 ok message. If changed for ifmid@@version,1,1=4 the server gives a 500 or 504 error, confirming the SQLi and proving da...

Advanced World Database 2.0.5 SQL Injection

Exploit Title: Advanced World Database 2.0.5 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/advanced-world-database/ Version: 2.0.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...

Affiliate MLM Script 1.0 SQL Injection

Exploit Title: Affiliate MLM Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/affiliate-mlm-script/ Demo: http://www.smsemailmarketing.in/demo/Affiliate/ Version: 1.0 Category: Webapps Test...

Advanced World Database 2.0.5 - SQL Injection

Advanced World Database 2.0.5 - SQL Injection Exploit Title: Advanced World Database 2.0.5 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/advanced-world-database/ Version: 2.0.5 Category: Webapps...

Foodspotting Clone Script 1.0 - 'quicksearch.php?q' SQL Injection

Exploit Title: Foodspotting Clone Script 1.0 - 'q' SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/foodspotting-clone/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...

Freelance Website Script 2.0.6 - 'pr_id' / 'catid' SQL Injection

Exploit Title: Freelance Website Script 2.0.6 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/freelance-website-script/ Version: 2.0.6 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Explo...

Affiliate MLM Script 1.0 - product-category.php?key SQL Injection

Affiliate MLM Script 1.0 - product-category.php?key SQL Injection Exploit Title: Affiliate MLM Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/affiliate-mlm-script/ Demo:...

Advance Online Learning Management Script 3.1 - 'subcatid' / 'popcourseid' SQL Injection

Exploit Title: Advance Online Learning Management Script 3.1 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/online-learning-management-script/ Demo: http://thavasu.com/demo/onlineeducation/ Version:...

Advance B2B Script 2.1.3 - 'show_id' / 'pid' SQL Injection

Exploit Title: Advance B2B Script 2.1.3 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/advance-b2b-script/ Demo: http://198.38.86.159/advancedb2b/ Version: 2.1.3 Category: Webapps Tested on:...

FS IMDB Clone - id SQL Injection

FS IMDB Clone - id SQL Injection Exploit Title: FS IMDB Clone - 'id' SQL Injection Date: 2017-12-06 Exploit Author: Dan° Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/imdb-clone/ Version: 2017-12-06 Tested on: Kali Linux 2.0 PoC: SQL Injection on G...

FS Facebook Clone - 'token' SQL Injection

Exploit Title: FS Facebook Clone - 'token' SQL Injection Date: 2017-12-06 Exploit Author: Dan° Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/facebook-clone/ Version: 2017-12-06 Tested on: Kali Linux 2.0 PoC: SQL Injection on GET parameter = token...

FS IMDB Clone - 'id' SQL Injection

Exploit Title: FS IMDB Clone - 'id' SQL Injection Date: 2017-12-06 Exploit Author: Dan° Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/imdb-clone/ Version: 2017-12-06 Tested on: Kali Linux 2.0 PoC: SQL Injection on GET parameter = id...

FS Makemytrip Clone - id SQL Injection

FS Makemytrip Clone - id SQL Injection Exploit Title: FS Makemytrip Clone - SQL Injection Date: 2017-12-05 Exploit Author: Dan° Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/makemytrip-clone/ Version: 2017-12-05 Tested on: Kali Linux 2.0 PoC: SQL...

FS Shaadi Clone SQL Injection

Exploit Title: FS Shaadi Clone - SQL Injection Date: 2017-12-05 Exploit Author: DanAdeg Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/shaadi-clone/ Version: 2017-12-05 Tested on: Kali Linux 2.0 PoC: SQL Injection on GET parameter = token...

FS Facebook Clone SQL Injection

Exploit Title: FS Facebook Clone - 'token' SQL Injection Date: 2017-12-06 Exploit Author: DanAdeg Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/facebook-clone/ Version: 2017-12-06 Tested on: Kali Linux 2.0 PoC: SQL Injection on GET parameter = toke...

FS IMDB Clone SQL Injection

Exploit Title: FS IMDB Clone - 'id' SQL Injection Date: 2017-12-06 Exploit Author: DanAdeg Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/imdb-clone/ Version: 2017-12-06 Tested on: Kali Linux 2.0 PoC: SQL Injection on GET parameter = id...

FS Shaadi Clone - 'token' SQL Injection

Exploit Title: FS Shaadi Clone - SQL Injection Date: 2017-12-05 Exploit Author: Dan° Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/shaadi-clone/ Version: 2017-12-05 Tested on: Kali Linux 2.0 PoC: SQL Injection on GET parameter = token...

FS Makemytrip Clone - 'id' SQL Injection

Exploit Title: FS Makemytrip Clone - SQL Injection Date: 2017-12-05 Exploit Author: Dan° Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/makemytrip-clone/ Version: 2017-12-05 Tested on: Kali Linux 2.0 PoC: SQL Injection on GET parameter = id...

FS Shaadi Clone - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: FS Shaadi Clone - SQL Injection Date: 2017-12-05 Exploit Author: Dan° Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/shaadi-clone/ Version: 2017-12-05 Tested on: Kali Linux 2.0 PoC...