220 matches found
CVE-2019-17357
Cacti through 1.2.7 is affected by a graphs.php?templateid= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, ...
CVE-2019-3650
CVE-2019-3650 affects McAfee Advanced Threat Defense (ATD) prior to 4.8. The vulnerability is an information disclosure where a crafted GET request can extract insecure information stored in the ATD database, allowing remote authenticated attackers to gain access to atduser credentials. The conne...
TYPO3 Information Disclosure Vulnerability (CNVD-2019-41231)
TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 versions prior to 4.3.12, 4.4.x prior to 4.4.9, and 4.5.x prior to 4.5.4. An attacker could exploit the vulnerability to extract arbitrary informati...
CVE-2011-4901
CVE-2011-4901 affects TYPO3 prior to 4.3.12, 4.4.x prior to 4.4.9, and 4.5.x prior to 4.5.4. The issue enables remote attackers to extract arbitrary information from the TYPO3 database (information disclosure). Root cause and affected component are described in TYPO3 security advisories and relat...
CVE-2019-16404
Authenticated SQL Injection in interface/forms/eyemag/js/eyebase.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter...
OpenEMR 5.0.1 Patch 6 SQLi Dump
This module exploits a SQLi vulnerability found in OpenEMR version 5.0.1 Patch 6 and lower. The vulnerability allows the contents of the entire database with exception of log and task tables to be extracted. This module saves each table as a .csv file in your loot directory and has been tested wi...
YouPHPTube 7.2 - userCreate.json.php SQL Injection
YouPHPTube 7.2 - userCreate.json.php SQL Injection Exploit Title: YouPHPTube 7.3 SQL Injection Google Dork: / Date: 19.08.2019 Exploit Author: Fabian Mosch, r-tec IT Security GmbH Vendor Homepage: https://www.youphptube.com/ Software Link: https://github.com/YouPHPTube/YouPHPTube Version: 7.3...
MSVOD 10 - cid SQL Injection
MSVOD 10 - cid SQL Injection Exploit Title: MSVOD V10 - SQL Injection Google Dork: inurl:"images/lists?cid=13" Date: 2018/07/17 Exploit Author: Hzllaga Vendor Homepage: http://www.msvod.cc/ Version: MSVOD V10 CVE : CVE-2018-14418 Reference : https://www.wtfsec.org/2583/msvod-v10-sql-injection/...
CVE-2018-12977
A SQL injection vulnerability in the SoftExpert SE Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the "cddocument" parameter in the "Downloading Electronic Documents" section...
TheDoc - Simple But Very Useful SQLMAP Automator With Built In Admin Finder, Hash Cracker (Using Hashcat) And More!
TheDoc is a simple but very useful SQLMAP automator with built in admin finder, hash cracker (using Hashcat) and more! Abilities: Counts total injections tried. Crawls given domain for vulnerabilities. Extracts Database Infos via injection URL Extract Users, Passwords & emails via injection URL Extrac...
SQL injection vulnerability in the cid parameter of OpenCourse_new.aspx page of the CMS system of the resource management platform of Beijing Hanboer Information Technology Co.
Resource Management Platform CMS is a comprehensive management and application platform based on the cloud service system, through a multi-layer system architecture, establishing a multi-level cloud platform and cloud application environment covering provinces, municipalities, counties, schools a...
Herpes Net 3.0 SQL Injection
import random import pycurl import urllib import cStringIO import json def ui: try: return unicodei, errors='ignore' except: return i class HerpesNetPanel: def initself, gatewayurl: self.gatewayurl = gatewayurl @staticmethod def getfieldgateway, table, column, row: prefix = "" while lenprefix 6:...
WeBid 1.0.6 - SQL Injection
Exploit Title: WeBid 1.0.6 SQL Injection Vulnerability Google Dork: "Powered by WeBid" Date: 1/9/13 Exploit Author: Life Wasted Vendor Homepage: http://www.webidsupport.com/ Version: Tested on 1.0.6, but could affect other version Tested On: Linux, Windows Vulnerable Code: Line 53 of the...
Harvard Carr Center for Human Rights Policy Hacked, Password was "DOG" ?
Harvard's Carr Center for Human Rights Policy website www.hks.harvard.edu/cchrp/ was hacked last week and then silently fixed by the administrator without giving Reply/Credit to the Whitehat Hacker who reported the vulnerability. The Hack incident was performed in 3 Phases as described below: Pha...
Iframe Injection & Blind SQL Injection vulnerability on Apple.com exposed by Idahc(lebanese hacker)
Iframe Injection & Blind SQL Injection vulnerability on Apple.com exposed by Idahc (Lebanese hacker) After Sony hacks, Idahc (Lebanese hacker) is back to strike Apple.com. He found two vulnerabilities, as listed below. Iframe Injection : Click here Blind SQL Injection: Click Here Examples of the...
Delhi University's Control Panel & Fashion TV India's Data Hacked by Moofster
Delhi University's Control Panel & Fashion TV India's Data Hacked by Moofster Delhi University's & Fashion TV India's https://ftv.co.in/ websites are vulnerable to SQL injection. A hacker "Moofster" has hacked the admin panel of Delhi University's website and he also extracted the database of...
Cyber Law India Website Hacked By MaDnI [ ZHC ]
Cyber Law India Website Hacked By MaDnI ZHC MaDnI ZHC found an SQL vulnerability in the Cyber Law India website at https://www.cyberlawonline.in/. Because of that, he is able to extract the whole database of the site. MaDnI ZHC posted his hack info in an online text file at...
Samyak Tejawat found vulnerability in this Italian government site !
Samyak Tejawat, 13 years old, found a vulnerability in this Italian government site! The whole database can be extracted. Mr. Samyak Tejawat informed the admins of the site about this vulnerability; hope it will be fixed soon: SQLi vuln. link =...
Calendarix 0.8.20071118 - SQL Injection
Calendarix 0.8.20071118 - SQL Injection Informatique inside Calendarix : SQL injection Version : 0.8.20071118 and earlier Author : Thibow Contact : Thibow4tlinformatique-insidedotcom Location : France Website : http://www.informatique-inside.com Dork : "inurl:calday.php?op=day&catview=" Solution ...
PerlDesk 1.x - SQL Injection
PerlDesk 1.x - SQL Injection !/usr/bin/perl Example: kb.cgi?view=0 UNION SELECT 1,3,password,username,3,7 FROM users Exploit is attached. ./pde.pl www.internethosting4u.com /perldesk/kb.cgi 148.244.150.58:80 use IO::Socket; print ' PerlDesk exploit Usage: ./pdsploit.pl host path proxy Vunerabilit...