737 matches found
Curfew e-Pass Management System 1.0 - FromDate SQL Injection
Exploit Title: Curfew e-Pass Management System 1.0 - FromDate SQL Injection Date: 28/9/2023 Exploit Author: Puja Dey Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10/Wamp 1 login...
Curfew e-Pass Management System 1.0 - FromDate SQL Injection Vulnerability
Exploit Title: Curfew e-Pass Management System 1.0 - FromDate SQL Injection Exploit Author: Puja Dey Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10/Wamp 1 login into the...
WebCopilot - An Automation Tool That Enumerates Subdomains Then Filters Out Xss, Sqli, Open Redirect, Lfi, Ssrf And Rce Parameters And Then Scans For Vulnerabilities
WebCopilot is an automation tool designed to enumerate subdomains of the target and detect bugs using different open-source tools. The script first enumerates all the subdomains of the given target domain using assetfinder, sublister, subfinder, amass, findomain, hackertarget, riddler and crt then...
New Hacker Group 'GambleForce' Targeting APAC Firms Using SQL Injection Attacks
A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific APAC region since at least September 2023. "GambleForce uses a set of basic yet very effective techniques, including SQL injections and th...
Sony: SQL injection at ███████
A Sony website was vulnerable to an error-based SQL injection that allowed data extraction...
piccolo SQL Injection via named transaction savepoints
Summary: The handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection as user provided input is passed directly to connection.execute... via f-strings. Details: An excerpt of the Postgres savepoint handling: python async def savepoint(self, name:...
AMSS++ 6.11 SQL Injection
Title: AMSS++ V 6.11 SQL injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 115.0.2 (64-bit) |...
AMSS++ 6.1 SQL Injection
Title: AMSS++ V6.1 SQL injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 115.0.2 (64-bit) |...
AMSS++ 5.16 SQL Injection
Title: AMSS++ V 5.16 SQL injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 115.0.2 (64-bit) |...
DBD E-Commerce 2.0.6 SQL Injection
Title: DBD E-Commerce 2.0.6 SQL injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 115.0.2 (64-bi...
WordPress AN_Gradebook 5.0.1 Plugin - SQL injection Vulnerability
#!/usr/bin/python3 Exploit Title: WordPress Plugin AN_Gradebook = 5.0.1 - Subscriber+ SQLi Date: 2023-07-26 Exploit Author: Lukas Kinneberg Github: https://github.com/lukinneberg/CVE-2023-2636 Vendor Homepage: https://wordpress.org/plugins/an-gradebook/ Software Link:...
AMSS++ 5.21.09 SQL Injection
Title: AMSS++ V5.21.09 JT SQL injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 115.0.2 (64-bit) ...
Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution
Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Date: 16 July 2023 Exploit Author: Thurein Soe CVE : CVE-2022-28171 Vendor Homepage: https://www.hikvision.com Software Link: N/A Reference Link: https://cve.report/CVE-2022-28171 Version: Filmora 12: Ds-a71024...
Faculty Evaluation System 1.0 SQL Injection
Exploit Title: Faculty Evaluation System v1.0 - SQL Injection Date: 07/2023 Exploit Author: Andrey Stoykov Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...
Faculty Evaluation System v1.0 - SQL Injection
Exploit Title: Faculty Evaluation System v1.0 - SQL Injection Date: 07/2023 Exploit Author: Andrey Stoykov Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...
Beauty Salon Management System 1.0 SQL Injection
Exploit Title: Beauty Salon Management System v1.0 - SQLi Date of found: 04/07/2023 Exploit Author: Fatih Nacar Version: V1.0 Tested on: Windows 10 Vendor Homepage: https://www.campcodes.com Software Link: https://www.campcodes.com/projects/beauty-salon-management-system-in-php-and-mysqli/ CWE:...
Exploit for SQL Injection in Wp-Slimstat Slimstat_Analytics
CVE-2023-0630 CVE-2023-0630 - Slimstat Analytics 4.9.3.3...
Exploit for SQL Injection in Icegram Email_Subscribers_&_Newsletters
CVE-2022-0439 CVE-2022-0439 - Email Subscribers & Newslett...
Exploit for Cross-site Scripting in Dandulaney Dan's_Embedder_For_Google_Calendar
CVE-2023-51504 This is a dockerized reproduction of the MotoCM...
Service Provider Management System v1.0 - SQL Injection Vulnerability
Exploit Title: Service Provider Management System v1.0 - SQL Injection Exploit Author: Ashik Kunjumon Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link:...