fimap

fimap is a Python tool designed to find, prepare, audit, exploit, and even automatically Google for local and remote file inclusion LFI/RFI bugs in web applications. It can identify and exploit file inclusion bugs, including include, includeonce, require, and requireonce functions. The tool has a...

WordPress FormCraft Basic 1.0.5 SQL Injection

Exploit Title: FormCraft Basic v1.0.5 blind and header sql injection Google Dork: inurl: /formcraft -- inurl:formcraft/form.php Software Link: formcraft-wp.com Date: 05/07/2017 Exploit Author: Seyyed Amir Hossein Mir Hosseini Root & r0m3r0 Version: v1.0.5 Tested on: wordpress sites and CentOS...

BSQLinjector - Blind SQL Injection Exploitation Tool

BSQLinjector uses blind method to retrieve data from SQL databases. I recommend using "--test" switch to clearly see how configured payload looks like before sending it to an application. Options: --file Mandatory - File containing valid HTTP request and SQL injection point SQLINJECT...