Pligg CMS 2.0.2 - 'load_data_for_search.php' SQL Injection

Exploit Title: Pligg CMS 2.0.2 SQL injection Date: 29-08-2015 Exploit Author: jsass Vendor Homepage: http://pligg.com Software Link: https://github.com/Pligg/pligg-cms/archive/2.0.2.zip Version: 2.0.2 Tested on: kali sana 2.0 Q8 Gray Hat Team SQLInjection File : loaddataforsearch.php $search = ne...

Cyberoam - Blind SQL Injection

Description The username field in the captive portal of Cyberoam NG firewall is vulnerable to SQL Injection and can be exploited to execute sql commands on the database. The username field is vulnerable to the following types of SQL Injections a Boolean-based blind sql injection b Stacked...

Wordpress CP Multi View Event Calendar Plugin 1.1.7 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress cp-multi-view-calendar.1.1.7 Unauthenticated SQL injection vulnerabilities Date: 2015-07-10 Google Dork: Index of /wordpress/wp-content/plugins/cp-multi-view-calendar Exploit Author: Joaquin Ramirez Martinez i0akiN...

ApPHP Hotel Site 3.x.x SQL Injection Vulnerability

ApPHP Hotel Site version 3.x.x suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data. ApPHP Hotel site SQLi Vulnerability ApPHP Hotel Site is an Hotel application programs using PHP Language. title : ApPHP Hotel Site v.3.x.x. godork : ".php?pid=" "ApP...

Amazon Product In a Post Plugin - SQL Injection

amazon-product-in-a-post.php - this plugin takes raw user values and uses it delete from the database. This query can be manipulated to perform SQL injection attacks. Line 40: $tempswe = $wpdb-query"DELETE FROM $wpdb-prefixamazoncache WHERE Cacheid ='$wp-queryvars'appip-cache-id'' LIMIT 1;"; sqlm...

Joomla! Component ECommerce-WD 1.2.5 - SQL Injection

Version 1.2.5 of the ECommerce-WD plugin for Joomla! has multiple unauthenticated SQL injections available via the advanced search functionality. http://extensions.joomla.org/extension/ecommerce-wd The vulnerable parameters are searchcategoryid, sortorder, and filtermanufacturerids within the...

53KF某处一个注入点

简要描述： 某处的一个注入 详细说明： 存在注入的地址: http://www10.53kf.com/zdydbgg2.php?styleid=106098168&companyid=72067196&dbggtype=2 sqlmap identified the following injection points with a total of 0 HTTPs requests: --- Place: GET Parameter: styleid Type: boolean-based blind Title: AND boolean-based blind - WHERE or...

Cart Engine 3.0 - Multiple Vulnerabilities

=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...

Cart Engine 3.0 XSS / Open Redirect / SQL Injection

=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...

@CMS 2.1.1 SQL Injection

SQL Injection on @CMS 2.1.1 Stable Risk: High CWE number: CWE-89 Date: 22/08/2014 Vendor: www.atcode.net Author: Felipe " Renzi " Gabriel Contact: [email protected] Tested on: Linux Mint Vulnerable File: articles.php Exploit: http://host/articles.php?catid=SQLI PoC:...

Microsoft MSN HBE - TB Blind SQL Injection Vulnerability

Document Title: =============== Microsoft MSN HBE - TB Blind SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1183 Video: http://www.vulnerability-lab.com/getcontent.php?id=1282 Vulnerability Magazine:...

InvGate Service Desk 4.2.36 SQL Injection Vulnerability

InvGate Service Desk version 4.2.36 suffers from multiple remote SQL injection vulnerabilities. InvGate Service Desk v4.2.36 multiple vulnerabilities http://www.invgate.com/en/service-desk/ http://www.invgate.com/en/service-desk/on-premise-trial/ Invgate Service Desk suffers from many SQL...

InvGate Service Desk 4.2.36 SQL Injection

InvGate Service Desk v4.2.36 multiple vulnerabilities http://www.invgate.com/en/service-desk/ http://www.invgate.com/en/service-desk/on-premise-trial/ Invgate Service Desk suffers from many SQL injections as an authenticated, but non-privileged end-user role user. Most are also stacked injections...

Kerio Control 8.3.1 - Blind SQL Injection

Document Title: ====================== Kerio Control = 8.3.1 Boolean-based blind SQL Injection Primary Informations: ====================== Product Name: Kerio Control Software Description: Kerio Control brings together multiple capabilities including a network firewall and router, intrusion...

Campaign Enterprise 11.0.421 SQLi Vulnerability

No description provided by source. Exploit Title: Campaign Enterprise 11.0.421 SQLi Vulnerability Author: Craig Freyman @cd1zz Date Discovered: 12/12/2011 Vendor Site: http://www.arialsoftware.com Vendor Notified: 1/19/2012 Vendor Fixed: 1/30/2012 Version 11.0.512 Description: The SID parameter i...

Mail.ru: SQL Injection on 11x11.mail.ru

Приветствую! SQL Inject boolean-based True http://11x11.mail.ru/xml/games/champ.php?act=groups&division=6&tournament=66+and+1=ifsubstr@@version,1,5=0x352e302e37,1,2%23 Сезон 22, Дивизион 3-C False...

Videos Tube 1.0 - Multiple SQL Injection Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Videos Tube SQL Injection and Remote Code Execution Google Dork: inurl:"single.php?url=" video Date: 05.05.2014 Exploit Author: Mustafa ALTINKAYNAK Vendor Homepage: http://www.phpscriptlerim.com Software Link:...

SMART iPBX SQL Injection Vulnerability

SMART iPBX suffers from multiple remote SQL injection vulnerabilities. SMART iPBX - Multiple Sql Injection =================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : email protected , email protected .:. Home : http://www.iphobos.com/blog/ .:...

Website Created By Triad SQL Injection

| | | | '| | | | ' \ / \ ' \ | | | ' | | | \ / / | | | || | | | / | | | | | | | | | || | = 5.0 AND error-based - WHERE or HAVING clause Payload: id=5' AND SELECT 8596 FROMSELECT COUNT,CONCAT0x3a6974713a,SELECT CASE WHEN 8596=8596 THEN 1 ELSE 0 END,0x3a6a6c763a,FLOORRAND02x FROM...

Joomla com_etree Blind SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla cometree Blind SQL-inj Vuln Date: 20.02.2012 Author: Mach1ne Version: 1.5.+ Category:: remote, webapps Google dork: inurl:compersonal Tested in: web ============================== ================================= Multipl...