The Shop v2.5 - SQL Injection Vulnerability

Exploit Title: The Shop v2.5 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/the-shop/34858541 Demo Site: https://shop.activeitzone.com Tested on: Kali Linux CVE: N/A Request POST /api/v1/carts/add HTTP/1.1 Content-Type: application/json Accept:...

The Shop v2.5 - SQL Injection

Exploit Title: The Shop v2.5 - SQL Injection Date: 2023-06-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/the-shop/34858541 Demo Site: https://shop.activeitzone.com Tested on: Kali Linux CVE: N/A Request POST /api/v1/carts/add HTTP/1.1 Content-Type: application/json...

Expert Job Portal Management System 1.0 SQL Injection Vulnerability

┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ Vulnerability ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │...

MotoCMS 3.4.3 SQL Injection

Title: MotoCMS Version 3.4.3 - SQL Injection Author: tmrswrr Date: 01/06/2023 Vendor: https://www.motocms.com Link: https://www.motocms.com/website-templates/demo/189526.html Vulnerable Versions: MotoCMS 3.4.3 Description MotoCMS Version 3.4.3 SQL Injection via the keyword parameter. Steps to...

Anuko TimeTracker SQL注入漏洞

Anuko TimeTracker is an Anuko open source application . Provides a Web-based open source time tracking application written in PHP. A SQL injection vulnerability exists in versions prior to Anuko TimeTracker 1.22.11.5781, which stems from a Boolean-based SQL injection in Time Tracker invoices.php,...

PHPJabbers Simple CMS 5.0 SQL Injection

Exploit Title: PHPJabbers Simple CMS 5.0 - SQL Injection Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Request GET...

PHPJabbers Simple CMS 5.0 - SQL Injection Vulnerability

Exploit Title: PHPJabbers Simple CMS 5.0 - SQL Injection Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Request GET...

PHPJabbers Simple CMS 5.0 - SQL Injection

Exploit Title: PHPJabbers Simple CMS 5.0 - SQL Injection Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Request GET...

Best pos Management System v1.0 - SQL Injection

Exploit Title: Best pos Management System v1.0 - SQL Injection Google Dork: NA Date: 14/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...

Human Resource Management System 1.0 SQL Injection

Exploit Title: Human Resource Management System - SQL Injection unauthenticated Date: 08-11-2022 Exploit Author: Matthijs van der Vaart eMVee Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...

Human Resource Management System 1.0 - SQL Injection Vulnerability

Exploit Title: Human Resource Management System - SQL Injection unauthenticated Exploit Author: Matthijs van der Vaart eMVee Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...

Online Graduate Tracer System 1.0 SQL Injection

Exploit Title: Online Graduate Tracer System - Multiple SQLi Date: 24/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15904/online-graduate-tracer-system-college-ict-alumni.html Software Download:...

Online Graduate Tracer System - Multiple SQL injection Vulnerabilities

A Blind SQL injection vulnerability in the fill-in forms of Online Graduate Tracer System allows remote unauthenticated attackers to execute remote arbitrary SQL commands through "age" parameter. Description A Blind SQL injection vulnerability in the fill-in forms of Online Graduate Tracer System...

Yoga Class Registration 1.0 SQL Injection Vulnerability

Title: Yoga Class Registration -1.0-2023 - Multiple SQLi Author: nu11secur1ty Date: 02.27.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html Reference:...

Human Resources Management System - Multiple SQL injection Vulnerability

A Blind SQL injection vulnerability in the login page /hrm/controller/login.php in Human Resources Management System allows remote unauthenticated attackers to execute remote command through arbitrary SQL commands by "name" parameter. Request PoC POST /hrm/controller/login.php HTTP/1.1 Host:...

Ghauri - An Advanced Cross-Platform Tool That Automates The Process Of Detecting And Exploiting SQL Injection Security Flaws

An advanced cross-platform tool that automates the process of detecting andexploiting SQL injection security flaws Requirements Python 3 Python pip3 Installation cd to ghauri directory. install requirements: python3 -m pip install --upgrade -r requirements.txt run: python3 setup.py install or...

Multiple Blind SQL Injection Vulnerabilities in Reports

Description SQL injection typically allows an attacker to extract the entire database from the vulnerable website, including user information, encrypted passwords, and business data. This can subsequently lead to mass compromise of user accounts, data being encrypted and held to ransom, or stolen...

3 Types of SQLi in `s` param - (Time/Boolean/Error Based)

Description I have found 3 types of SQLi on the s parameter Proof of Concept Time-Based Time-based SQL Injection is an inferential SQL Injection technique that relies on sending an SQL query to the database which forces the database to wait for a specified amount of time in seconds before...

Online Shopping System Advanced 1.0 SQL Injection Vulnerability

Title: online-shopping-system-advanced-1.0 SQLi Author: nu11secur1ty Vendor: https://github.com/PuneethReddyHC/online-shopping-system-advanced Software: https://github.com/PuneethReddyHC/online-shopping-system-advanced/archive/refs/heads/master.zip Reference:...

Canteen Management 1.0 2022 SQL Injection Vulnerability

Title: Canteen-Management1.0-2022 SQLi Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/mayurik/2022/Canteen-Management/Docs/youthappam.zip?raw=true Reference:...