61 matches found
CVE-2025-50972
SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmplid parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP, and...
Exploit for CVE-2025-10351
CVE-2025-10351 POC - SQL Injection Exploit 💉 POC for CVE-20...
CVE-2023-34735
Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection...
U.S. Dept Of Defense: Error-based blind SQL injection
An error-based blind SQL injection vulnerability was discovered at a certain location. The vulnerability was present in the sites, rods, and ous parameters. By exploiting these parameters, sensitive information could have been extracted by triggering errors returned by the database. Certain...
Stock Management System v1.0 - Unauthenticated SQL Injection Exploit
Exploit Title: Stock Management System v1.0 - Unauthenticated SQL Injection Exploit Author: Josué Mier aka blu3ming Security Researcher & Penetration Tester @wizlynx group Vendor Homepage: https://www.sourcecodester.com/php/15023/stock-management-system-phpoop-source-code.html Software Link:...
Stock Management System 1.0 SQL Injection
Exploit Title: Stock Management System v1.0 - Unauthenticated SQL Injection Date: February 6, 2024 Exploit Author: Josué Mier aka blu3ming Security Researcher & Penetration Tester @wizlynx group Vendor Homepage:...
Stock Management System v1.0 - Unauthenticated SQL Injection
Exploit Title: Stock Management System v1.0 - Unauthenticated SQL Injection Date: February 6, 2024 Exploit Author: Josué Mier aka blu3ming Security Researcher & Penetration Tester @wizlynx group Vendor Homepage:...
CVE-2023-34735
Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection...
Ghauri - An Advanced Cross-Platform Tool That Automates The Process Of Detecting And Exploiting SQL Injection Security Flaws
An advanced cross-platform tool that automates the process of detecting andexploiting SQL injection security flaws Requirements Python 3 Python pip3 Installation cd to ghauri directory. install requirements: python3 -m pip install --upgrade -r requirements.txt run: python3 setup.py install or...
CVE-2021-24747
The SEO Booster WordPress plugin before 3.8 allows for authenticated SQL injection via the "fnmyajaxifieddataloaderajax" AJAX request as the $REQUEST'order'0'dir' parameter is not properly escaped leading to blind and error-based SQL injections...
CVE-2021-40578
Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter...
PHPBack 1.3.0 - SQL Injection
PHPBack 1.3.0 - SQL Injection / + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPBACK-v1.3.0-SQL-INJECTION.txt Vendor: ================ www.phpback.org Product: ================ PHPBack v1.3.0 Vulnerability Type: ===================...
用友某系统多处注入漏洞打包
简要描述: wooyun搜了一下,没有人提,来一发。 详细说明: 首先,该接口是无需权限访问的。 已http://.../bugs/wooyun-2010-0178322为例: ...:8080/uapws/service/nc.itf.bd.crm.ICurrtypeExportToCrmService?wsdl ...:8080/uapws/service/nc.itf.bd.crm.IInvbasdocExportToCrmService?wsdl ...:8080/uapws/service/nc.itf.bd.crm.IMeasdocExportToCrmService?wsd...
HumHub 0.11.2 and 0.20.0-beta.2 - SQL 注入漏洞
寻找SQL注入的一般步骤: 1、寻找数据输入(表单) 2、注入数据 3、检测异常响应,像HTTP的500错误,SQL报错 该过程可以借助多种工具实现自动化。 用AWVS检测出 /index.php 可能存在SQL注入。 以下地址会报SQL错误,from 字段是注入点: http://localhost/index.php?from=1'"&limit=10&mode=activity&r=space/space/stream&sguid=e9659cfc-886f-4524-94ae-1721999ad43b...
OpenEMR 4.1.1 Patch 14 - SQL Injection / Privilege Escalation / Remote Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "OpenEMR 4.1.1 Pat...
[DroidSQLi] MySQL Injection tool for Android
DroidSQLi is the first automated MySQL Injection tool for Android. It allows you to test your MySQL-based web application against SQL injection attacks. DroidSQLi supports the following injection techniques: - Time based injection - Blind injection - Error based injection - Normal injection...
Support4Arabs Pages 2.0 - SQL Injection
Support4Arabs Pages 2.0 - SQL Injection Exploit Title: Support4Arabs Pages v2.0 Remote SQL Error Based Injection Vulnerability Date: 04/9/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.support4arabs.com/ Software Link:...
YourArcadeScript 2.4 - index.php?id SQL Injection
YourArcadeScript 2.4 - index.php?id SQL Injection Exploit Title: YourArcadeScript 2.4 SQLi Vulnerability Version: 2.4 Date: 17/08/2012 Author: DaOne LCA Software Link: http://www.yourarcadescript.com Google Dork: intext:"Powered by YourArcadeScript 2.4" Exploit...
YourArcadeScript 2.4 SQL Injection
Exploit Title: YourArcadeScript 2.4 SQLi Vulnerability Version: 2.4 Date: 17/08/2012 Author: DaOne LCA Software Link: http://www.yourarcadescript.com Google Dork: intext:"Powered by YourArcadeScript 2.4" Exploit http://localhost/index.php?act=cat&id=Error Based Injection thanks to : All LibyanCA...
Elgg 1.8 beta2 SQL Injection
Exploit for php platform in category web applications Elgg 1.8 beta2 and prior to 1.7.11 'containerguid' and 'ownerguid' SQL Injection Vendor URL: http://www.elgg.org/ Advisore: http://lostmon.blogspot.com/2011/08/elgg-18-beta2-and-prior-to-1711.html Vendor notify: YES exploit available: YES...