PHPJabbers Simple CMS 5.0 - SQL Injection

Exploit Title: PHPJabbers Simple CMS 5.0 - SQL Injection Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Request GET...

Best pos Management System v1.0 - SQL Injection

Exploit Title: Best pos Management System v1.0 - SQL Injection Google Dork: NA Date: 14/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...

Human Resource Management System 1.0 SQL Injection

Exploit Title: Human Resource Management System - SQL Injection unauthenticated Date: 08-11-2022 Exploit Author: Matthijs van der Vaart eMVee Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...

Human Resource Management System 1.0 - SQL Injection Vulnerability

Exploit Title: Human Resource Management System - SQL Injection unauthenticated Exploit Author: Matthijs van der Vaart eMVee Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...

Human Resources Management System v1.0 - Multiple SQLi

Exploit Title: Human Resources Management System v1.0 - Multiple SQLi Date: 16/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.ht...

Yoga Class Registration System v1.0 - Multiple SQLi

Exploit Title: Yoga Class Registration System v1.0 - Multiple SQLi Date: 19/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html Software...

WorkOrder CMS 0.1.0 - SQL Injection

Exploit Title: WorkOrder CMS 0.1.0 - SQL Injection Date: Sep 22, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Auth Bypass: username...

WorkOrder CMS 0.1.0 - SQL Injection Vulnerability

Exploit Title: WorkOrder CMS 0.1.0 - SQL Injection Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Auth Bypass: username:' or '1'='1...

Yoga Class Registration 1.0 SQL Injection Vulnerability

Title: Yoga Class Registration -1.0-2023 - Multiple SQLi Author: nu11secur1ty Date: 02.27.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html Reference:...

Human Resources Management System - Multiple SQL injection Vulnerability

A Blind SQL injection vulnerability in the login page /hrm/controller/login.php in Human Resources Management System allows remote unauthenticated attackers to execute remote command through arbitrary SQL commands by "name" parameter. Request PoC POST /hrm/controller/login.php HTTP/1.1 Host:...

SQLiDetector - Helps You To Detect SQL Injection "Error Based" By Sending Multiple Requests With 14 Payloads And Checking For 152 Regex Patterns For Different Databases

Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- | S|Q|L|i|...

Ghauri - An Advanced Cross-Platform Tool That Automates The Process Of Detecting And Exploiting SQL Injection Security Flaws

An advanced cross-platform tool that automates the process of detecting andexploiting SQL injection security flaws Requirements Python 3 Python pip3 Installation cd to ghauri directory. install requirements: python3 -m pip install --upgrade -r requirements.txt run: python3 setup.py install or...

3 Types of SQLi in `s` param - (Time/Boolean/Error Based)

Description I have found 3 types of SQLi on the s parameter Proof of Concept Time-Based Time-based SQL Injection is an inferential SQL Injection technique that relies on sending an SQL query to the database which forces the database to wait for a specified amount of time in seconds before...

Online Shopping System Advanced 1.0 SQL Injection Vulnerability

Title: online-shopping-system-advanced-1.0 SQLi Author: nu11secur1ty Vendor: https://github.com/PuneethReddyHC/online-shopping-system-advanced Software: https://github.com/PuneethReddyHC/online-shopping-system-advanced/archive/refs/heads/master.zip Reference:...

Personnel Property Equipment 2015-2022 SQL Injection

Title: Personnel Property Equipment-2015-2022 SQLi, Unauthenticated-File-Upload Author: nu11secur1ty Date: 08.22.2022 Vendor Homepage: https://www.trickcode.in/ Video vendor: https://www.youtube.com/watch?v=ltSwom8sQAQ Software...

Warehouse Management System 2022 Multiple SQL injection Vulnerabilities

Title: Warehouse Management System 2022 ML-SQLi Author: nu11secur1ty Date: 06.13.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php-codeigniter-warehouse-management-system-free-source-code Reference:...

IBM: SQL injection in URL path processing on www.ibm.com

A blind SQL injection in URL path processing on www.ibm.com was reported to IBM, analyzed and has been remediated. Thank you to @asterite. Blind SQL injection was present in URL path processing on www.ibm.com. An interesting thing is that the vulnerability was present in, essentially, any path, o...

Auto Spare Parts Management 1.0 SQL Injection Vulnerability

Title: Auto-Spare-Parts-Management v1.0 remote SQL-Injections Author: nu11secur1ty Vendor: https://github.com/pavanpatil45 Software: https://github.com/pavanpatil45/Auto-Spare-Parts-Management Description: The Referer HTTP header on Auto-Spare-Parts-Management v1.0 system appears to be vulnerable...

Msmailprobe - Office 365 And Exchange Enumeration

Office 365 and Exchange Enumeration It is widely known that OWA Outlook Webapp is vulnerable to time-based user enumeration attacks. This tool leverages all known, and even some lesser-known services exposed by default Exchange installations to enumerate users. It also targets Office 365 for...

Improper Access Control

ssddanbrown/bookstack is vulnerable to Improper Access Control. An attacker is able to execute an error-based attack by obtaining a part of an email of the user...