45 matches found
U.S. Department of State: Time Based SQL Injection
A Time-Based SQL Injection vulnerability was identified on a website that uses WordPress CMS. The vulnerability was found in the search function of the website, where a gap was observed in the search results. The vulnerability allowed an attacker to inject malicious code and potentially access th...
Joomla FSF FreeStyle FAQs 1.11.18 Database Disclosure / SQL Injection
Exploit Title : Joomla FSF FreeStyle FAQs Components 1.11.18 SQL Injection / Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 03/02/2019 Vendor Homepage : freestyle-joomla.com Software Download Link :...
U.S. Dept Of Defense: SQL injection on the https://████/
Description Hello. I was able to find Blind SQL injection on the https://███/ Database appears to be MySQL 5. POC GET /library.php?path=test&docid=1%20AND%20SELECT%20%20FROM%20SELECTSLEEP1WUeh HTTP/1.1 Host: ██████ Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1...
MySQL User-Defined (Linux) x32 / x86_64 sys_exec Privilege Escalation
Exploit Title: MySQL User-Defined Linux x32 / x86_64 sys_exec function local privilege escalation exploit Date: 24/01/2019 Exploit Author: d7x Vendor Homepage: https://www.mysql.com Software Link: www.mysql.com Version: MySQL 4.x/5.x Tested on: Debian GNU/Linux 8.11 / mysql Ver 14.14 Distrib 5.5.60...
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)
phpMyAdmin 4.8.1 - Authenticated Local File Inclusion 2 Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link:...
Flash Operator Panel 2.31.03 - Multiple Web Vulnerabilities
Document Title: Flash Operator Panel 2.31.03 - Multiple Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1906 Release Date: 2016-10-21 Vulnerability Laboratory ID (VL-ID): ...
Joomla Component BF Quiz SQL Injection Vulnerability
No description provided by source. Exploit Title: Joomla Component BF Quiz SQL Injection Vulnerability Date: 29th May 2010 Author: Valentin Category: webapps/0day Version: 1.3.0 Tested on: Debian, Apache2, MySQL 5 CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1...
Web Wiz Forums 9.68 SQLi Vulnerability
No description provided by source. Web Wiz Forums 9.68 SQLi Vulnerability Name: Web Wiz Forums 9.68 SQLi Vulnerability Date: June, 9 2010 Vendor url: http://www.webwiz.co.uk/webwizforums/ Platform: Windows...
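Diyou P2P Lending System (Latest Version) SQL Injection
Brief description: Skipping the description, I'm busy going off to change the amounts =.= Details: Injection point: http://www.diyou.cc/?plugins&area=&class=usel&name=work&q=areas&type=p,c&value=1 The GET parameter value is not effectively filtered, which results in an injection. This is your official product demo site, right? This is a notice that an injection point exists; no further testing was done. Fix it quickly, quickly, quickly! python sqlmap.py -u "http://www.diyou.cc/?plugins&area=&class=usel&name=work&q=areas&type=p,c&value=1" --batch -p "value...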
[aidSQL] PHP Application For SQL Injection Detection & Exploitation
aidSQL is a PHP application provided for detecting security holes in your website/s. It’s a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation. The tool provides pen-testing capabilities for MS-SQL 2000, MySQL 5 and the author promises ...
Oracle MySQL 5.x < 5.6.13 Multiple Vulnerabilities
Binary data 8029.prm...
MySQL - Remote User Enumeration
MySQL - Remote User Enumeration MySQL User Account Enumeration Utility When an attacker authenticates using an incorrect password with the old authentication mechanism from mysql 4.x and below to a mysql 5.x server the mysql server will respond with a different message than Access Denied, what...
Jara 1.6 Cross Site Scripting / SQL Injection Vulnerabilities
Jara version 1.6 suffers from cross site scripting and remote SQL injection vulnerabilities. Information: Name: XSS and SQL Injection Vulnerabilities in Jara Software: Jara 1.6 and possibly below. Vendor Homepage: http://sourceforge.net/projects/jara/ Vulnerability Type:...
Jara 1.6 Cross Site Scripting / SQL Injection
Information: Name: XSS and SQL Injection Vulnerabilities in Jara Software: Jara 1.6 and possibly below. Vendor Homepage: http://sourceforge.net/projects/jara/ Vulnerability Type: Cross-Site Scripting and SQL Injection Severity: Critical Researcher: Canberk Bolat Advisory...
TheBlog <= 2.0 Multiple Vulnerabilities
Exploit for php platform in category web applications = 5, on SQL codes to insert, you must replace all: TYPE=MyISAM By: ENGINE=InnoDB -+- We discovered multiple vulnerabilities on this system. All in index.php, vars: SQL Injection index.php?id=sqli index.php?cat=sqli index.php?archives=sqli...
Publishing Technology Blind SQL Injection
Publishing technology. Exploit database separated by exploit type (local, remote, DoS, etc.) Site: 1337day.com Support e-mail: submitat1337day.com I'm KnocKout member from Inj3ct0r Team...
Bacula-Web 1.3.x Cross Site Scripting / SQL Injection
GotGeek Labs http://www.gotgeek.com.br/ Bacula-web 1.3.x - 5.0.3 Multiple Remote Vulnerabilities + Description Bacula-Web is a web based tool that provides you a summarized view of your bacula director. It obtains its information from your bacula catalog's database. It provides some useful...
CVE-2010-3833
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE...
Joomla Component com_restaurantguide Multiple Vulnerabilities
Exploit for php platform in category web applications. Joomla Component com_restaurantguide Multiple Vulnerabilities. Exploit Title: Joomla Component com_restaurantguide Multipl...
Webiz - SQL Injection
Webiz - SQL Injection VBHACKER.NET...