Color Prediction Game v1.0 - SQL Injection Vulnerability
Exploit Title: Color Prediction Game v1.0 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script Tested on: Kali Linux & MacOS CVE: N/A Request POST /loginNow.php HTTP/1.1 Host: localhost Cookie:...
DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting
Title : DigaSell - Digital store PHP Script V1.0.0 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Chatone Social Networking PHP Script 1.6 Add Administrator
Title : chatone social networking php script v1.6 Add Admin Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla...
PT-2023-27073 · Unknown · Gz Scripts Availability Booking Calendar Php
Name of the Vulnerable Software and Affected Versions: GZ Scripts Availability Booking Calendar PHP version 1.0 Description: A problematic issue has been found in the HTTP POST Request Handler component of the file index.php, where the manipulation of the promo code argument leads to cross site...
CVE-2023-3559 GZ Scripts PHP GZ Appointment Scheduling Script load.php cross site scripting
A vulnerability classified as problematic was found in GZ Scripts PHP GZ Appointment Scheduling Script 1.8. Affected by this vulnerability is an unknown functionality of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting...
Super Store Finder PHP Script 3.6 SQL Injection Vulnerability
Title : Super Store Finder PHP Script SQL Injection / Bypass admin login Researcher : Etharus Vendor : Joe Iz, https://superstorefinder.net/ Script Demo Url : https://superstorefinder.net/products/superstorefinder/ Version Affected : 3.6 and below Date : 5 July 2023 FOFA Dork : "designed and buil...
Super Store Finder PHP Script 3.6 SQL Injection
Title : Super Store Finder PHP Script SQL Injection / Bypass admin login Researcher : Etharus Vendor : Joe Iz, https://superstorefinder.net/ Script Demo Url : https://superstorefinder.net/products/superstorefinder/ Version Affected : 3.6 and below Date : 5 July 2023 FOFA Dork : "designed and buil...
Quicklancer 1.0 SQL Injection
Exploit Title: Quicklancer v1.0 - SQL Injection Date: 2023-05-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/quicklancer-freelance-marketplace-php-script/39087135 Demo Site: https://quicklancer.bylancer.com Tested on: Kali Linux CVE: N/A Request POST /php/user-ajax.php...
Quicklancer v1.0 - SQL Injection Vulnerability
Exploit Title: Quicklancer v1.0 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/quicklancer-freelance-marketplace-php-script/39087135 Demo Site: https://quicklancer.bylancer.com Tested on: Kali Linux CVE: N/A Request POST /php/user-ajax.php HTTP/1.1...
Quicklancer v1.0 - SQL Injection
Exploit Title: Quicklancer v1.0 - SQL Injection Date: 2023-05-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/quicklancer-freelance-marketplace-php-script/39087135 Demo Site: https://quicklancer.bylancer.com Tested on: Kali Linux CVE: N/A Request POST /php/user-ajax.php...
GaanaGawaana Music Platform PHP Script 1.0 Cross Site Scripting / SQL Injection Vulnerabilities
Title: GaanaGawaana - Music Platform PHP Script-1.0 XSS-Reflected and SQLi Vulnerability Author: nu11secur1ty Vendor: https://www.codester.com/ Software: https://www.codester.com/items/27270/gaanagawaana-music-platform-php-script Reference XSS:...
GaanaGawaana Music Platform PHP Script 1.0 Cross Site Scripting / SQL Injection
Title: GaanaGawaana - Music Platform PHP Script-1.0 XSS-Reflected and SQLi Vulnerability Author: nu11secur1ty Date: 05.16.2023 Vendor: https://www.codester.com/ Software: https://www.codester.com/items/27270/gaanagawaana-music-platform-php-script Reference XSS:...
GaanaGawaana 1.0 Cross Site Scripting
GaanaGawaana 1.0 SQL Injection
VOTAB Voting Quiz PHP Script 1.0 SQL Injection
VOTAB Voting Quiz PHP Script 1.0 Cross Site Scripting
Code injection
Pi-hole provides network-wide ad blocking via your own Linux hardware; AdminLTE is a Pi-hole dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this...
Design/Logic Flaw
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from an HTTP request to create a URL capable of changing the host parameter. The changed host parameter in the HTTP could point to another host that will send a...
CVE-2022-3189
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from an HTTP request to create a URL capable of changing the host parameter. The changed host parameter in the HTTP could point to another host that will send a...
New GoTrim Botnet Attempting to Break into WordPress Sites' Admin Accounts
A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system (CMS) to seize control of targeted systems. "This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ':::trim:::' t...