UP-RESULT 0.1 2024 SQL Injection Vulnerability

Title: upresult0.1-2024 Multiple-SQLi Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download Reference: https://portswigger.net/web-security/sql-injection...

UP-RESULT 0.1 2024 SQL Injection

Title: upresult0.1-2024 Multiple-SQLi Author: nu11secur1ty Date: 04/08/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download Reference:...

SQL injection in SegmentAssignmentController.php

Description An administrator user can use the inheritableSegments feature to execute his own blind SQL queries. Proof of Concept The vulnerable php code is in src/Controller/Admin/SegmentAssignmentController.php, on method inheritableSegments: The parameter type is not escaped and is added on the...

WorkOrder CMS 0.1.0 - SQL Injection

Exploit Title: WorkOrder CMS 0.1.0 - SQL Injection Date: Sep 22, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Auth Bypass: username...

WorkOrder CMS 0.1.0 - SQL Injection Vulnerability

Exploit Title: WorkOrder CMS 0.1.0 - SQL Injection Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Auth Bypass: username:' or '1'='1...

Ghauri - An Advanced Cross-Platform Tool That Automates The Process Of Detecting And Exploiting SQL Injection Security Flaws

An advanced cross-platform tool that automates the process of detecting andexploiting SQL injection security flaws Requirements Python 3 Python pip3 Installation cd to ghauri directory. install requirements: python3 -m pip install --upgrade -r requirements.txt run: python3 setup.py install or...

CVE-2022-3059

The application was vulnerable to multiple instances of SQL injection authenticated and unauthenticated through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL...

PT-2022-20193 · Red Os · Red Os

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows for SQL injection, both authenticated and unauthenticated, through a vulnerable parameter. This parameter can be used to craft and inject complex SQL commands due t...

Online Reviewer System 2.4.0 SQL Injection

Sourcecodester-Online-Reviewer-System-2.4.0 SQL - 4 types of injection vulnerability Vendor Description: The password parameter appears of the Online Reviewer System 1.0 to be vulnerable to SQL injection attacks - 4 types of injection vulnerability. A single quote was submitted in the password...

Build Smart ERP 21.0817 - (eidValue) SQL Injection Vulnerability

Exploit Title: Build Smart ERP 21.0817 - 'eidValue' SQL Injection Unauthenticated Exploit Author: Nehru Sethuraman Vendor Homepage: https://ribccs.com/solutions/solution-buildsmart Version: 21.0817 Build: 3 Google Dorks: intitle:buildsmart accounting Tested on: OS - Windows 2012 R2 or 8.1 &...

Build Smart ERP 21.0817 SQL Injection

Exploit Title: Build Smart ERP 21.0817 - 'eidValue' SQL Injection Unauthenticated Date: 24/10/2021 Exploit Author: Nehru Sethuraman Vendor Homepage: https://ribccs.com/solutions/solution-buildsmart Version: 21.0817 Build: 3 Google Dorks: intitle:buildsmart accounting Tested on: OS - Windows 2012 ...

Cacti 1.2.12 SQL Injection / Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/hashes/identify' class MetasploitModule 'Cacti color filter authenticated SQLi to RCE', 'Description' = %q This module exploits a SQL...

Cacti 1.2.12 SQL Injection / Remote Command Execution Exploit

This Metasploit module exploits a SQL injection vulnerability in Cacti versions 1.2.12 and below. An admin can exploit the filter variable within color.php to pull arbitrary values as well as conduct stacked queries. With stacked queries, the pathphpbinary value is changed within the settings tab...

Fast PHP Chat 1.3 - (my_item_search) SQL Injection Vulnerability

Exploit Title: Fast PHP Chat 1.3 - 'myitemsearch' SQL Injection Exploit Author: Fatih Coskun Vendor Homepage: https://codecanyon.net/item/fast-php-chat-responsive-live-ajax-chat/10721076 Version: 1.3 Category: Webapps Tested on: Kali linux Description : The vulnerability allows an attacker to...

Fast PHP Chat 1.3 SQL Injection

Exploit Title: Fast PHP Chat 1.3 - 'myitemsearch' SQL Injection Date: 15/04/2021 Exploit Author: Fatih Coskun Vendor Homepage: https://codecanyon.net/item/fast-php-chat-responsive-live-ajax-chat/10721076 Version: 1.3 Category: Webapps Tested on: Kali linux Description : The vulnerability allows a...

Project Expense Monitoring System 1.0 SQL Injection

Exploit Title: Project Expense Monitoring System | SQL Login Bypass Multiple Exploit Author: Richard Jones Date: 2021-03-28 Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html Software Link:...

MyBB 1.8.25 - Poll Vote Count SQL Injection

Exploit Title: MyBB 1.8.25 - Poll Vote Count SQL Injection Exploit Author: SivertPL [email protected] Date: 20.03.2021 Description: Lack of sanitization in the "votes" parameter in "Edit Poll" causes a second-order semi-blind SQL Injection that is triggered when performing a "Move/Copy"...

SQLMap v1.4.9 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

DEBIAN-CVE-2020-14295

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries...

Sql injection

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries...