30 matches found
FAROL - SQL Injection
Exploit Title: Web Application Farol with anauthenticated SQLi injection Date: 2015-09-16 Exploit Author: Thierry Fernandes Faria a.k.a SoiL thierryfariaa at gmail dot com Vendor Homepage:http://www.teiko.com.br/pt/solucoes/infraestrutura-em-ti/farol Version: All CVE : CVE-2015-6962 OWASP Top10:...
Microsoft SQL Server SQLi SUSER_SNAME Windows Domain Account Enumeration
This module can be used to bruteforce RIDs associated with the domain of the SQL Server using the SUSERSNAME function via Error Based SQL injection. This is similar to the smblookupsid module, but executed through SQL Server queries as any user with the PUBLIC role everyone. Information that can ...
Cart Engine 3.0 XSS / Open Redirect / SQL Injection
=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...
vBulletin vBay <= 1.1.9 - Error-Based SQL Injection
No description provided by source. !/usr/bin/env python -W ignore::DeprecationWarning VBay = 1.1.9 - Remote Error based SQL Injection Author: Dan UK Contact: http://www.hackforums.net/member.php?action=profile&uid=817599 Date: 10/11/12 DETAILS Among a couple of other unsanitized parameters used...
Microweber 0.905 - Error-Based SQL Injection
Microweber 0.905 - Error-Based SQL Injection =============================================================================== | | / / / / / / // / / -/ - / // / / / / // / ////,//////,// ///, / // team PUBLIC SECURITY ADVISORY | |...
Microweber 0.905 - Error-Based SQL Injection
=============================================================================== | | / / / / / / // / / -/ - / // / / / / // / ////,//////,// ///, / // team PUBLIC SECURITY ADVISORY | | =============================================================================== TITLE ===== Microweber...
Drupal 6.x->7.18 getimagesize() <= Multiple Vulnerabilities
This Bug in fonction ' getimagesize ' is Multiple Vulnerabilities in Drupal CMS, When you Upload NULL Image-Size the Script Can't Read the Image Content and show you some errors, The Attacker can use this bug to get some important information like SQL Info's or Disclosure the Full Path of drupal...
Siemens and Canon's Databases exploited by Team INTRA
Siemens and Canon's Databases exploited by Team INTRA Recently a hacker known as "JoinSe7en" from Team INTRA claims to have hacked into subdomains of Canon and Siemens. Apparently, the hacker has found and exploited a Blind SQL Injection vulnerability in Canon's website and a Error based SQL...
WAVSEP 1.0.3 – Web Application Vulnerability Scanner Evaluation Project
WAVSEP 1.0.3 – Web Application Vulnerability Scanner Evaluation Project A vulnerable web application designed to help assessing the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be...
HTTP Error Based SQL Injection Scanner
This module identifies the existence of Error Based SQL injection issues. Still requires a lot of work This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Error Based SQL Injection Scanner',...