446 matches found

Metasploit
added 2014/11/25 7:0 p.m., 27 views

Microsoft SQL Server SQLi SUSER_SNAME Windows Domain Account Enumeration

This module can be used to brute-force RIDs associated with the domain of the SQL Server using the SUSER_SNAME function via error-based SQL injection. This is similar to the smb_lookupsid module, but executed through SQL Server queries as any user with the PUBLIC role (everyone). Information that can ...

8.6 AI score
Exploits: 0
seebug.org
added 2014/11/24 12:0 a.m., 25 views

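BiWEB latest portal edition: a small bundle of filter-bypass injection vulnerabilities

Brief description: A small bundle of filter-bypass injection vulnerabilities in the latest BiWEB portal edition; bypassing the global filter makes injection possible in multiple places. Details: On wooyun I saw that someone had obtained a shell on biweb: WooYun: BIWEB portal edition Getwebshell vulnerability, and others have reported other vulnerabilities, so I'll look for its vulnerabilities too. I went to the official site and downloaded the latest BiWEB portal edition, 5.8.3, to take a look. BiWEB applies global filtering to user input, but this filtering method is rather brain-dead, and this vulnerability bypasses the global filter. Let's first look at this global filtering method, /config/filtrate.inc.php...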

7.1 AI score
Exploits: 0
seebug.org
added 2014/11/24 12:0 a.m., 12 views

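Another injection in the latest BiWEB portal edition

Brief description: Another injection in the latest BiWEB portal edition, a spot the global filter missed. Details: On wooyun I saw that someone had obtained a shell on biweb: WooYun: BIWEB portal edition Getwebshell vulnerability, and others have reported other vulnerabilities, so I'll look for its vulnerabilities too. I went to the official site and downloaded the latest BiWEB portal edition, 5.8.3, to take a look. ...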

7 AI score
Exploits: 0
Exploit DB
added 2014/09/25 12:0 a.m., 43 views

Cart Engine 3.0 - Multiple Vulnerabilities

=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...

7 AI score
Exploits: 0
Packet Storm
added 2014/09/16 12:0 a.m., 35 views

Cart Engine 3.0 XSS / Open Redirect / SQL Injection

=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...

0.3 AI score
Exploits: 0
seebug.org
added 2014/08/26 12:0 a.m., 21 views

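TinyShop: blind SQL injection and stored XSS at the same location

Brief description: A parameter is not filtered, so the same location is open to both SQL injection and a stored XSS that can hit the admin back end. Details: First, look at how tinyshop handles passed parameters, in /framework/lib/util/requestclass.php: public static function get $num = funcnumargs; $args = funcgetargs; if$num==1 ifisset$GET$args0 ifisarray$GET$args0return $GET$args0; else return trim$GET$args0; return null; else if$num=2...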

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 63 views

Ultimate eShop Error Based SQL Injection Vulnerability

No description provided by source. Exploit Title: Ultimate eShop Error Based SQL Injection Vulnerability Google Dork: inurl:index.cgi?aktion=shopview Date: 19/04/2011 Author: Romka Software Link: http://www.ultimate-eshop.de/ Tested on: Windows XP SP3 Exploit:...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 12 views

vBulletin vBay <= 1.1.9 - Error-Based SQL Injection

No description provided by source. !/usr/bin/env python -W ignore::DeprecationWarning VBay = 1.1.9 - Remote Error based SQL Injection Author: Dan UK Contact: http://www.hackforums.net/member.php?action=profile&uid=817599 Date: 10/11/12 DETAILS Among a couple of other unsanitized parameters used...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 7 views

Support4Arabs Pages 2.0 - SQL Injection Vulnerability

No description provided by source. Exploit Title: Support4Arabs Pages v2.0 Remote SQL Error Based Injection Vulnerability Date: 04/9/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.support4arabs.com/ Software Link:...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 38 views

Kordil EDMS 2.2.60rc3 - SQL Injection Vulnerability

No description provided by source. Exploit Title: Kordil EDMS v2.2.60rc3 SQL Injection Vulnerability Date: 12/05/2012 Exploit Author: Woody Hughes [email protected] Vendor Homepage: http://sourceforge.net/projects/kordiledms/ Software Link:...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 20 views

MyBB (editpost.php, posthash) - SQL Injection Vulnerability

No description provided by source. MyBB 1.6.9 is vulnerable to Stored, Error based, SQL Injection. Vulnerable code: /editpost.php === Line 398 === $posthashquery = posthash='$posthash' OR ; === It can be done by using Tamper Data or Live HTTP Headers, and when submitting a post, edit the 'posthash...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

Microweber 0.905 - Error Based SQL Injection

No description provided by source. [ASCII-art banner] team PUBLIC SECURITY ADVISORY ...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 101 views

UCenter Home 2.0 - SQL Injection Vulnerability

No description provided by source. --==UCenter Home 2.0 -0day Remote SQL Injection Vulnerability==-- / Author : KnocKout / Greatz : DaiMon,BARCOD3,RiskY and iranian hackers / Contact: [email protected] / Cyber-Warrior.org/CWKnocKout --==--==--==--==--==--==--==--==--==--== Script : UCenter Home...

7.1 AI score
Exploits: 0
Exploit DB
added 2014/04/24 12:0 a.m., 23 views

Alienvault 4.3.1 - SQL Injection / Cross-Site Scripting

AlienVault 4.3.1 Unauthenticated SQL Injection Vulnerability Type: SQL Injection Reporter: Sasha Zivojinovic Company: Gotham Digital Science Affected Software: AlienVault 4.3.1 Severity: Critical =========================================================== Summary...

7.4 AI score
Exploits: 0
Packet Storm
added 2014/03/03 12:0 a.m., 30 views

Netvolution WCM CMS 3 SQL Injection

Exploit Title: Netvolution WCM - CMS v3 SQL Injection Exploit Type: Error-based SQL injection Date: Sun 02 Mar 2014 Exploit Author: projectzero labs Projectzero ID: projectzero2014-002-netvolutionsqli Vendor Homepage: http://www.netvolution.net && http://www.atcom.gr Version: 3 as vendor comfirme...

Exploits: 0
exploitpack
added 2013/11/07 12:0 a.m., 12 views

Microweber 0.905 - Error-Based SQL Injection

Microweber 0.905 - Error-Based SQL Injection [ASCII-art banner] team PUBLIC SECURITY ADVISORY ...

8.6 AI score
Exploits: 0
Exploit DB
added 2013/11/07 12:0 a.m., 20 views

Microweber 0.905 - Error-Based SQL Injection

[ASCII-art banner] team PUBLIC SECURITY ADVISORY TITLE ===== Microweber...

7.4 AI score
Exploits: 0
Kitploit
added 2013/10/02 10:52 p.m., 21 views

[jSQL Injection v0.5] Java tool for automatic database injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris). jSQL Injection change log - version 0.5 0.5 SQL shell Uploader 0.4 Admin page checker and preview Brute forcer md5...

8.2 AI score
Exploits: 0
seebug.org
added 2013/09/24 12:0 a.m., 18 views

Z-Blog PHP edition: front-end regex blind SQL injection vulnerability

Brief description: Second one... also, I'm a bit puzzled about something and want to ask your developers. Details: The problem is in /zbsystem/function/csystemcommon.php function GetVars$name,$type='REQUEST' if $type=='ENV' $array=&$ENV; if $type=='GET' $array=&$GET; if $type=='POST' $array=&$POST; if $type=='COOKIE' $array=&$COOKIE; if $type=='REQUEST' $array=&$REQUEST; if $type=='SERVER'...

7.1 AI score
Exploits: 0
Exploit DB
added 2013/09/20 12:0 a.m., 20 views

OpenEMR 4.1.1 Patch 14 - SQL Injection / Privilege Escalation / Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "OpenEMR 4.1.1 Pat...

7.4 AI score
Exploits: 0