6 matches found
nuclei_poc
This repository is an offensive tool for Nuclei POCs. It is a Python script that clones GitHub repositories, extracts Nuclei POCs, and organizes them into categorized folders. The script runs automatically every day using GitHub Actions. The primary vulnerability class targeted by this tool is no...
Car Workshop System - SQL Injection
Car Workshop System - SQL Injection. In Car Workshop System, parameter filtering is not strict, leading to a SQL injection vulnerability; if the other server has error display turned on, it can be used directly. Google Dork: N/A Injection point:...
Joomla! Component Guesser v1.0.4 - SQL Injection
Joomla! Component Guesser v1.0.4 - SQL Injection. In Joomla! Component Guesser v1.0.4, parameter filtering is not strict, leading to a SQL injection vulnerability; if the other server has error display turned on, it can be used directly. Google Dork: inurl:index.php?option=comguesser...
Joomla! Component OneVote! v1.0 - SQL Injection
Joomla! Component OneVote! v1.0 - SQL Injection. In results.php, the electionid parameter is passed into the SQL statement, giving a GET-type injection. Injection point: http://localhost/PATH/components/comonevote/results.php?electionid=SQL union injected payload: +/! 50000union/+select+@@version-- - Test...
Joomla! Component Abstract v2.1 - SQL Injection
Joomla! Component the Abstract v2.1 - SQL Injection. In Joomla! Component the Abstract v2.1, parameter filtering is not strict, leading to a SQL injection vulnerability. Injection point: http://localhost/PATH/index.php?option=comabstract&view=conferences&layout=detail&pid=SQL...
HackerOne: Subdomain takeover at info.hacker.one
Summary: Hi team, I've been able to take over the subdomain at info.hacker.one; the CNAME entry in the subdomain is pointing to an external page service, app.unbounce.com. Actual DNS Entry: F156764 Steps To Reproduce 1 I have claimed the domain and placed a page for PoC validation located under: Go to -...