737 matches found
WordPress Plugin Google Review Slider 6.1 - 'tid' SQL Injection
Exploit Title: Wordpress Plugin Google Review Slider 6.1 - 'tid' SQL Injection Google Dork: inurl:"/wp-content/plugins/wp-google-places-review-slider/" Date: 2019-07-02 Exploit Author: Princy Edward Exploit Author Blog : https://prinyedward.blogspot.com/ Vendor Homepage:...
AUO SunVeillance Monitoring System 1.1.9e - (MailAdd) SQL Injection Vulnerability
Exploit for hardware platform in category web applications Exploit Title: AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO SunVeillance Monitoring System all versions prior to v1.1.9e Tested on: ...
AUO SunVeillance Monitoring System 1.1.9e - MailAdd SQL Injection
AUO SunVeillance Monitoring System 1.1.9e - MailAdd SQL Injection Exploit Title: AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection Date: 2019-10-24 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO SunVeillance Monitoring System all versions prio...
WordPress Plugin Sliced Invoices 3.8.2 - post SQL Injection
WordPress Plugin Sliced Invoices 3.8.2 - post SQL Injection Exploit Title: WordPress Sliced Invoices 3.8.2 - 'post' SQL Injection Date: 2019-10-22 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Website: https://nitesculucian.github.io Vendor Homepage:...
AUO SunVeillance Monitoring System 1.1.9e SQL Injection
Exploit Title: AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection Date: 2019-10-24 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO SunVeillance Monitoring System all versions prior to v1.1.9e Tested on: It is a proprietary devices:...
WordPress Plugin Sliced Invoices 3.8.2 - 'post' SQL Injection
Exploit Title: WordPress Sliced Invoices 3.8.2 - 'post' SQL Injection Date: 2019-10-22 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Website: https://nitesculucian.github.io Vendor Homepage: https://slicedinvoices.com/ Software Link:...
AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection
Exploit Title: AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection Date: 2019-10-24 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO SunVeillance Monitoring System all versions prior to v1.1.9e Tested on: It is a proprietary devices:...
WordPress Sliced Invoices 3.8.2 SQL Injection
Exploit Title: Wordpress Sliced Invoices /wp-admin/admin.php?action=duplicatequoteinvoice&post=8%20and%20selectfromselectsleep20a--%20 - The response will be returned after 20 seconds proving the successful exploitation of the vulnerability. - Sqlmap can be used to further exploit the vulnerabili...
Groundhogg <= 1.3.11.3 - Authenticated SQL Injection
Wordpress Groundhogg plugin with a version lower than 1.3.11.3 is affected by an Authenticated SQL Injection vulnerability. PoC Exploit Title: Wordpress Groundhogg = 1.3.11.13 Authenticated SQL Injection Vulnerability Date: 23-10-2019 Exploit Author: Lucian Ioan Nitescu Contact:...
Groundhogg <= 1.3.11.3 - Authenticated SQL Injection
Wordpress Groundhogg plugin with a version lower than 1.3.11.3 is affected by an Authenticated SQL Injection vulnerability. Exploit Title: Wordpress Groundhogg /wp-admin/admin.php?page=ghbulkjobs&action=ghexportcontacts&optinstatus%5B0%5D=selectfromselectsleep20a&optinstatus%5B1%5D=0 - The respon...
WordPress Sliced Invoices 3.8.2 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Sliced Invoices /wp-admin/admin.php?action=duplicatequoteinvoice&post=8%20and%20selectfromselectsleep20a--%20 - The response will be returned after 20 seconds proving the successful exploitation of the vulnerability. -...
SQLMap v1.3.10 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
U.S. Dept Of Defense: Followup - SQL Injection - https://██████████/██████/MSI.portal
Summary: Time based blind sql injection for parameter MSIadditionalFilterType1, at the following URL: https://███/███/MSI.portal?nfpb=true&pageLabel=msiportalpage61 Description: This is a follow up to a previous report I submitted: https://hackerone.com/reports/674838 The following page has a for...
WordPress Plugin Photo Gallery 1.5.34 - SQL Injection
Exploit Title: WordPress Plugin Photo Gallery by 10Web Add new and in add galleries / Gallery groups. GET request going with parameter albumid is vulnerable to Time Based Blind SQL injection. Following is the POC, 1...
WordPress Photo Gallery 1.5.34 Plugin - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Photo Gallery by 10Web Add new and in add galleries / Gallery groups. GET request going with parameter albumid is vulnerable to Time Based Blind SQL injection. Following is the POC, 1...
WordPress Plugin Photo Gallery 1.5.34 - SQL Injection
WordPress Plugin Photo Gallery 1.5.34 - SQL Injection Exploit Title: WordPress Plugin Photo Gallery by 10Web Add new and in add galleries / Gallery groups. GET request going with parameter albumid is vulnerable to Time Based Blind SQL injection. Following is the POC, 1...
Joomla JS Support Ticket 1.1.6 SQL Injection
Exploit Title: Joomla! component comjssupportticket - Authenticated SQL Injection Dork: inurl:"index.php?option=comjssupportticket" Date: 10.08.19 Exploit Author: qw3rTyTy Vendor Homepage: https://www.joomsky.com/ Software Link: https://www.joomsky.com/46/download/1.html Version: 1.1.6 Tested on:...
SQLMap v1.3.8 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
Joomla JS Support Ticket Component (com_jssupportticket) 1.1.5 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! component comjssupportticket - SQL Injection Dork: inurl:"index.php?option=comjssupportticket" Exploit Author: qw3rTyTy Vendor Homepage: https://www.joomsky.com/ Software Link: https://www.joomsky.com/46/download/1.html...
Ovidentia 8.4.3 - SQL Injection
Exploit Title: Ovidentia CMS - SQL Injection Authenticated Date: 06/05/2019 CVE: CVE-2019-13978 Exploit Author: Fernando Pinheiro n3k00n3 Victor Flores UserX Vendor Homepage: https://www.ovidentia.org/ Version: 8.4.3 Tested on: Mac,linux -...