lastResortTimelockOwnerClaimNFT() can retrieve the token although drawing is in progress

Lines of code Vulnerability details Impact owner can retrieve the token although drawing is in progress Proof of Concept lastResortTimelockOwnerClaimNFT Be used in: " If no users ultimately claim the NFT, the admin specifies a timelock period after which they can retrieve the raffled NFT. " But i...

SimpNews <= 2.40.01 (print.php newnr) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w SimpNews = 2.40.01 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code print.php: $sql = select from .$tableprefix.data where newsnr=$newsnr; PoC:...

mlf17-sql.txt

!/usr/bin/perl -w My Little Forum = 1.7 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code user.php: if isset$GET'id' $id = $GET'id'; switch $action case "get userdata": if empty$id $id = $userid; else $result =...