Ovidentia 8.4.3 - SQL Injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: Ovidentia CMS - SQL Injection Authenticated CVE: CVE-2019-13978 Exploit Author: Fernando Pinheiro n3k00n3 Victor Flores UserX Vendor Homepage: https://www.ovidentia.org/...
Ovidentia 8.4.3 - SQL Injection
Exploit Title: Ovidentia CMS - SQL Injection Authenticated Date: 06/05/2019 CVE: CVE-2019-13978 Exploit Author: Fernando Pinheiro n3k00n3 Victor Flores UserX Vendor Homepage: https://www.ovidentia.org/ Version...
Ovidentia 8.4.3 SQL Injection
Exploit Title: Ovidentia CMS - SQL Injection Authenticated Date: 06/05/2019 CVE: CVE-2019-13978 Exploit Author: Fernando Pinheiro n3k00n3 Victor Flores UserX Vendor Homepage: https://www.ovidentia.org/ Version: 8.4.3 Tested on: Mac, linux...
CMSMS SQL Injection Vulnerability: Reproduction, Analysis and Exploitation - Vulnerability Early Warning - the black bar safety net
CMS Made Simple (CMSMS) is a simple and convenient content management system developed with PHP, MySQL and the Smarty template engine. It has a role-based rights management system and a wizard-based installation and update mechanism, and it uses few system resources, while the included file management...
SQLMap v1.3.7 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
Starbucks: Blind SQL Injection on starbucks.com.gt and WAF Bypass :*
Starting with a blind SQL Injection on http://www.starbucks.com.gt/menu/beverage/detail, @d3417 was able to dump schema on several database tables. Initially closed as N/A because of our exclusion on automated tools, reopened to investigate the data reported in the tables, and because the casual...
Starbucks: SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database
As described in the Hacker Summary, @spaceraccoon discovered a SQL Injection vulnerability in a web service backed by Microsoft Dynamics AX. @spaceraccoon demonstrated that the flaw was exploitable via XML-formatted HTTP payload requests to the server. We appreciate @spaceraccoon's clear and...
Faraday v3.6 - Collaborative Penetration Test and Vulnerability Management Platform
Here are the main new features and improvements in Faraday v3.6: Welcome Service Now. A new way to send vulnerabilities is available! We integrated Faraday with Service Now, giving you more options to work with. Burp plugin was totally revamped. We have been working hard to make several changes to...
ResourceSpace 8.6 - watched_searches.php SQL Injection
Exploit Title: ResourceSpace =8.6 'watched_searches.php' SQL Injection Dork: intext:"Powered by ResourceSpace" Date: 2019-02-01 Exploit Author: dd [email protected] Vendor Homepage: https://www.resourcespace.com/ Software Link:...
Care2x 2.7 (HIS) Hospital Information System SQL Injection
Exploit Title: Care2x 2.7 HIS Hospital Information system - Multiples SQL Injection Date: 01/17/2019 Software Links/Project: https://github.com/care2x/care2x | http://www.care2x.org/ Version: Care2x 2.7 Exploit Author: Carlos Avila Category: webapps Tested on: Windows 8.1 / Ubuntu Linux Contact:...
ResourceSpace 8.6 SQL Injection
Exploit Title: ResourceSpace &redirect=yes&ref=3620&submitted=true&name=PWNED&keywords=&copy=&save=%C2%A0%C2%A0Save%C2%A0%C2%A0'...
ResourceSpace 8.6 - 'collection_edit.php' SQL Injection
Exploit Title: ResourceSpace &redirect=yes&ref=3620&submitted=true&name=PWNED&keywords=&copy=&save=%C2%A0%C2%A0Save%C2%A0%C2%A0'...
ResourceSpace 8.6 - collection_edit.php SQL Injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: ResourceSpace &redirect=yes&ref=3620&submitted=true&name=PWNED&keywords=&copy=&save=%C2%A0%C2%A0Save%C2%A0%C2%A0'...
Htcap - A Web Application Scanner Able To Crawl Single Page Application (SPA) In A Recursive Manner By Intercepting Ajax Calls And DOM Changes
Htcap is a web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls and DOM changes. Htcap is not just another vulnerability scanner since it's focused on the crawling process and it's aimed to detect and intercept ajax/fetch calls,...
SQLiScanner - Automatic SQL Injection With Charles And Sqlmap API
Automatic SQL injection with Charles and sqlmapapi. Dependencies: Django, PostgreSQL, Celery, sqlmap, redis. Supported platforms: Linux, osx. Installation: Preferably, you can download SQLiScanner by cloning the Git repository: git clone https://github.com/0xbug/SQLiScanner.git --depth 1 You can download...
WordPress AutoSuggest 0.24 Plugin - wpas_keys SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WP AutoSuggest 0.24 - SQL Injection Software Link: https://wordpress.org/plugins/wp-autosuggest/ Exploit Author: Kaimi Website: https://kaimi.io Version: 0.24 Category: webapps SQL Injection File: autosuggest.php Vulnerable code...
WP AutoSuggest 0.24 - Unauthenticated SQL Injection
The wp-autosuggest WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability. sqlmap -u "http://URL/wp-content/plugins/wp-autosuggest/autosuggest.php?wpasaction=query&wpaskeys=1" --technique BT --dbms MYSQL --risk 3 --level 5 -p wpaskeys --tamper space2comment...
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
Exploit Title: WP AutoSuggest 0.24 - SQL Injection Date: 01-12-2018 Software Link: https://wordpress.org/plugins/wp-autosuggest/ Exploit Author: Kaimi Website: https://kaimi.io Version: 0.24 Category: webapps SQL Injection File: autosuggest.php Vulnerable code: if (isset($_GET['wpas_keys'])) $wpas_keys =...
WordPress Plugin AutoSuggest 0.24 - wpas_keys SQL Injection
Exploit Title: WP AutoSuggest 0.24 - SQL Injection Date: 01-12-2018 Software Link: https://wordpress.org/plugins/wp-autosuggest/ Exploit Author: Kaimi Website: https://kaimi.io Version: 0.24 Category: webapps SQL Injection File:...