4673 matches found

WPVulnDB
added 2017/03/09 12:0 a.m., 27 views

DTracker 1.5 - Multiple Unauthenticated Blind SQL Injections

The dtracker WordPress plugin was affected by a Multiple Unauthenticated Blind SQL Injections security vulnerability...

CVSS: 5 | AI score: 3 | EPSS: 0.05503
Exploits: 2 | References: 3 | Affected Software: 1

exploitpack
added 2017/03/09 12:0 a.m., 12 views

e107 2.1.4 - keyword Blind SQL Injection

e107 2.1.4 - keyword Blind SQL Injection !/usr/bin/perl e107 = 2.1.4 "keyword" Blind SQL Injection Exploit Discovered by staker - stakerathotmaildotit Discovered on 09/03/2017 Site Vendor: http://www.e107.org BUG: Blind SQ...

AI score: 0.4
Exploits: 0

0day.today
added 2017/02/28 12:0 a.m., 39 views

Blizard BB 1.7 (privtmsg) MD5 Hash Retrieve Blind sql injection Exploit

Exploit for php platform in category web applications !/usr/bin/perl Blizard BB 1.7 privtmsg MD5 Hash Retrieve blind sql injection Discovered by Juri...

AI score: 0.3
Exploits: 0

wpexploit
added 2017/02/27 12:0 a.m., 22 views

Kama Click Counter <= 3.4.9 - Authenticated Blind SQL Injection

The Kama Click Counter WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. http://www.example.com/wp-admin/admin.php?page=kama-clic-counter&orderby=linkname&order=ASC%2cselectfromselectsleep30a&paged=1...

CVSS: 9.3 | AI score: 2 | EPSS: 0.0089
Exploits: 2 | References: 1

WPVulnDB
added 2017/02/27 12:0 a.m., 21 views

Kama Click Counter <= 3.4.9 - Authenticated Blind SQL Injection

The Kama Click Counter WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. PoC http://www.example.com/wp-admin/admin.php?page=kama-clic-counterby=linkname=ASC%2cselectfromselectsleep30a=1...

CVSS: 9.3 | AI score: 0.6 | EPSS: 0.0089
Exploits: 2 | References: 1 | Affected Software: 1

Prion
added 2017/02/06 3:59 p.m., 10 views

Sql injection

An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as selectloadfile. The vulnerability...

CVSS: 7.5 | AI score: 9.6 | EPSS: 0.00644
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2017/02/06 3:59 p.m., 11 views

CVE-2017-5879

An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as selectloadfile. The vulnerability...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.00644
Exploits: 0 | References: 2

OSV
added 2017/02/06 3:59 p.m., 17 views

CVE-2017-5879

An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as selectloadfile. The vulnerability...

CVSS: 9.8 | AI score: 7.8
Exploits: 0 | References: 2

CVE
added 2017/02/06 3:0 p.m., 51 views

CVE-2017-5879

CVE-2017-5879 affects Exponent CMS 2.4.1. The issue is a blind SQL injection in the file/source_selector.php, targeting the src parameter, that can be exploited by unauthenticated users via an HTTP GET request and may allow dumping of database data to a malicious server using an out-of-band techn...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.00644
Exploits: 0 | References: 2 | Affected Software: 1

exploitpack
added 2017/02/06 12:0 a.m., 19 views

NewsBee CMS - SQL Injection

NewsBee CMS - SQL Injection Exploit Title: NewsBee CMS – SQL Injection Date: 06.02.2017 Software Link: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937?srank=2 Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category:...

AI score: 0.2
Exploits: 0

Packet Storm
added 2017/02/02 12:0 a.m., 44 views

Property Listing Script Blind SQL Injection

Exploit Title: Property Listing Script a Time-Based Blind Injection Date: 02.02.2017 Vendor Homepage: http://phprealestatescript.org/ Software Link: http://phprealestatescript.org/property-listing-script.html Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com...

AI score: 0.3
Exploits: 0

exploitpack
added 2017/02/02 12:0 a.m., 17 views

Property Listing Script - propid Blind SQL Injection

Property Listing Script - propid Blind SQL Injection Exploit Title: Property Listing Script – Time-Based Blind Injection Date: 02.02.2017 Vendor Homepage: http://phprealestatescript.org/ Software Link: http://phprealestatescript.org/property-listing-script.html Exploit Author: Kaan KAMIS Contact:...

AI score: 0.2
Exploits: 0

OSV
added 2017/01/23 5:59 p.m., 0 views

CVE-2017-5569

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an...

CVSS: 9.8 | AI score: 5.8
Exploits: 0 | References: 2

OSV
added 2017/01/23 5:59 p.m., 2 views

CVE-2017-5570

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00327
Exploits: 0 | References: 2

Kitploit
added 2017/01/12 2:28 p.m., 26 views

Acunetix Release Web Site Security Pen Testing Tools Free

HTTP editor, fuzzer and sniffer tools help pen testers identify vulnerabilities London, UK – January 2016 – Hot on the release of Acunetix Version 11, pioneering web application security software Acunetix, now delivering Manual Pen Testing Tools at no cost. Penetration testers can make use of an...

AI score: 8.8
Exploits: 0

WPVulnDB
added 2016/12/14 12:0 a.m., 13 views

ZM Gallery 1.0 – Authenticated Blind SQL Injection

The plugin is still affected and has been closed. Type user access: admin user. $_GET['order'] is escaped wrong. Attack with Blind Injection PoC python sqlmap.py -u "http://www.example.com/wp-admin/admin.php?page=zmgallery=name=desc" --dbs --cookie="cookie of admin user" --level=5 --dbms=mysql...

CVSS: 6.5 | AI score: 0.2 | EPSS: 0.2183
Exploits: 2 | References: 1 | Affected Software: 1

Packet Storm
added 2016/11/17 12:0 a.m., 52 views

DCFM Blog 0.9.7 Blind SQL Injection

DCFM Blog Version 0.9.7 Blind SQL Injection Vulnerability time based-attack Discovered by NA , NAattutanota.com Description Open-source blog project. Free blog...

AI score: 0.4
Exploits: 0

0day.today
added 2016/11/14 12:0 a.m., 29 views

phpWebAdmin 1.0 SQL Injection Vulnerability

phpWebAdmin version 1.0 suffers from a remote SQL injection vulnerability. !/usr/bin/perl -w phpWebAdmin Version 1.0 SQL Injection Proof Of Concept Exploit Discovered by NA , NAattutanota.com...

AI score: 0.3
Exploits: 0

OSV
added 2016/11/11 11:59 a.m., 3 views

CVE-2016-9272

A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service...

CVSS: 9.1 | AI score: 7.8
Exploits: 0 | References: 4

NVD
added 2016/11/11 11:59 a.m., 8 views

CVE-2016-9272

A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service...

CVSS: 9.1 | AI score: 9.2 | EPSS: 0.00846
Exploits: 0 | References: 4