446 matches found
Vendor BPC Silent on Patching SQL Injection in SmartVista Ecommerce Software
A popular ecommerce platform sold in 60 countries suffers from a SQL injection vulnerability privately disclosed in April that has yet to be patched by the vendor. BPC Banking Technologies of Switzerland has not acknowledged the vulnerability in its SmartVista suite of ecommerce and financial...
ClipShare 7.0 SQL Injection
Exploit Title: ClipShare v7.0 - SQL Injection Date: 2017-10-09 Exploit Author: 8bitsec Vendor Homepage: http://www.clip-share.com/ Software Link: http://www.clip-share.com/ Version: 7.0 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected] Contact: https://twitter.com/8bitsec Relea...
PHP Multi Vendor Script 1.02 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: PHP Multi Vendor Script v1.02 - 'sid' Parameter SQL Injection Date: 2017-09-28 Exploit Author: 8bitsec Vendor Homepage: http://www.dexteritysolution.com/ Software Link:...
Real Estate MLM Plan Script 1.0 SQL Injection
Exploit Title: Real Estate MLM plan script v1.0 - 'srch' Parameter SQL Injection Date: 2017-09-28 Exploit Author: 8bitsec Vendor Homepage: http://www.mlmscript.in/ Software Link: http://www.mlmscript.in/real-estate-mlm-script.html Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email:...
MyBuilder Clone 1.0 SQL Injection
Exploit Title: MyBuilder Clone 1.0 - SQL Injection Dork: N/A Date: 29.09.2017 Vendor Homepage: http://www.contractorscripts.com/ Software Link: http://order.contractorscripts.com/ Demo: http://demo.contractorscripts.com/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
PG All Share Video 1.0 SQL Injection
Exploit Title: PG All Share Video 1.0 - SQL Injection Dork: N/A Date: 29.09.2017 Vendor Homepage: http://www.pilotgroup.net/ Software Link: http://www.allsharevideo.com/features.php Demo: http://demo.allsharevideo.com/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploi...
Article Directory Script 3.0 SQL Injection
Exploit Title: Article Directory Script 3.0 - SQL Injection Dork: N/A Date: 29.09.2017 Vendor Homepage: http://www.yourarticlesdirectory.com/ Software Link: http://www.yourarticlesdirectory.com/ Demo: http://www.yourarticlesdirectory.com/livedemo.php Version: 3.0 Category: Webapps Tested on:...
Easy Blog PHP Script 1.3a - id SQL Injection
Easy Blog PHP Script 1.3a - id SQL Injection Exploit Title: Easy Blog PHP Script v1.3a - SQL Injection Date: 2017-09-27 Exploit Author: 8bitsec Vendor Homepage: https://www.codester.com/ Software Link: https://www.codester.com/items/4616/easy-blog-php-script Version: 1.3a Tested on: Kali Linux 2....
PHP Multi Vendor Script 1.02 - 'sid' SQL Injection
Exploit Title: PHP Multi Vendor Script v1.02 - 'sid' Parameter SQL Injection Date: 2017-09-28 Exploit Author: 8bitsec Vendor Homepage: http://www.dexteritysolution.com/ Software Link: http://www.dexteritysolution.com/php-multivendor-e-commerce-script.html Version: 1.02 Tested on: Kali Linux 2.0 |...
Easy Blog PHP Script 1.3a - 'id' SQL Injection
Exploit Title: Easy Blog PHP Script v1.3a - SQL Injection Date: 2017-09-27 Exploit Author: 8bitsec Vendor Homepage: https://www.codester.com/ Software Link: https://www.codester.com/items/4616/easy-blog-php-script Version: 1.3a Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...
CVE-2017-14601
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $GET'forwhat', resulting in Information Disclosure...
Sql injection
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $GET'forwhat', resulting in Information Disclosure...
CVE-2017-14601
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $GET'forwhat', resulting in Information Disclosure...
SQLMap v1.1.8 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
Joomla CCNewsLetter 2.1.9 Component - sbid Parameter SQL Injection Vulnerability
Exploit for php platform in category web applications "Joomla Component ccnewsletter 2.1.9 - 'sbid' Parameter SQL Injection" Exploit Title: Joomla Component ccnewsletter 2.1.9 - SQL Injection Date: 07-26-2017 Exploit Author: Shahab Shamsi Vendor Homepage:...
Joomla! Component CCNewsLetter 2.1.9 - 'sbid' SQL Injection
"Joomla Component ccnewsletter 2.1.9 - 'sbid' Parameter SQL Injection" Exploit Title: Joomla Component ccnewsletter 2.1.9 - SQL Injection Date: 07-26-2017 Exploit Author: Shahab Shamsi Vendor Homepage: https://extensions.joomla.org/extension/ccnewsletter/ Version: = 2.1.9 Final Version Tested on:...
WordPress Plugin IBPS Online Exam <= 1.0 - Authenticated SQL Injection / Cross-Site Scripting
Exploit Author: 8bitsec Contact Author: https://twitter.com/8bitsec Stored XSS on exam input textfields and Blind SQL Injection on 'examappUserResult' page 'id' parameter. PoC Authenticated Stored XSS: Logged as a student: Write the payload in the input textfields while attempting an exam. The...
Joomla 3.7.0 - com_fields SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla 3.7.0 - Sql Injection Date: 05-19-2017 Exploit Author: Mateus Lino Reference: https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html Vendor Homepage: https://www.joomla.org/ Version: = 3.7.0 Tested on...
Joomla! 3.7.0 - 'com_fields' SQL Injection
Exploit Title: Joomla 3.7.0 - Sql Injection Date: 05-19-2017 Exploit Author: Mateus Lino Reference: https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html Vendor Homepage: https://www.joomla.org/ Version: = 3.7.0 Tested on: Win, Kali Linux x64, Ubuntu, Manjaro and Arch Linux...
Joomla! 3.7.0 - com_fields SQL Injection
Joomla! 3.7.0 - comfields SQL Injection Exploit Title: Joomla 3.7.0 - Sql Injection Date: 05-19-2017 Exploit Author: Mateus Lino Reference: https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html Vendor Homepage: https://www.joomla.org/ Version: = 3.7.0 Tested on: Win, Kali...