SQL Injection Files

AIS Logistics ESEL-Server SQL Injection / Code Execution
Posted Apr 29, 2019
Authored by Manuel Feifel | Site metasploit.com

This Metasploit module will execute an arbitrary payload on an "ESEL" server used by the AIS logistic software. The server typically listens on port 5099 without TLS. There could also be a server listening on 5100 with TLS, but port 5099 is usually open. The login process is vulnerable to SQL injection. Usually an MSSQL Server with the 'sa' user is in place. This module was verified on version 67 but it should also run on lower versions. A fixed version was created by AIS in September 2017. However, most systems have not been updated. In regard to the payload, unless there is a closed port in the web server, you don't want to use any "bind" payload. You want a "reverse" payload, probably to your port 80 or to any other outbound port allowed on the firewall. Currently, one delivery method is supported. This method takes advantage of the Command Stager subsystem. This allows using various techniques, such as using a TFTP server, to send the executable. By default the Command Stager uses 'wcsript.exe' to generate the executable on the target. NOTE: This module will leave a payload executable on the target system when the attack is finished.

tags | exploit, web, arbitrary, sql injection
advisories | CVE-2019-10123
MD5 | 2683e770d74ded7d653c48065da8cf98
Joomla ARI Quiz 3.7.4 SQL Injection
Posted Apr 27, 2019
Authored by Mr Winst0n

Joomla ARI Quiz version 3.7.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b5209ba22cb982bd3e147963caaee250
ManageEngine Applications Manager 14.0 SQL Injection / Command Injection
Posted Apr 23, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits SQL injection and command injection vulnerabilities in ManageEngine AM versions 14 and below.

tags | exploit, sql injection
advisories | CVE-2019-11469
MD5 | f94429a86b4ffe842922471acd27d88a
ManageEngine Applications Manager 14 SQL Injection / Remote Code Execution
Posted Apr 18, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits SQL injection and command injection vulnerabilities in ManageEngine AM 14 and prior versions. An unauthenticated user can gain the authority of "system" on the server due to the SQL injection vulnerability. The exploit allows the writing of the desired file to the system using the postgresql structure. The module writes the payload over a file with the extension ".vbs" that ManageEngine uses for monitoring and that runs with "system" authority. In addition, it dumps the users and passwords from the database. After the harmful ".vbs" file is written, the shell session may take a while to arrive.

tags | exploit, shell, vulnerability, sql injection
MD5 | e4067a38b1263e4f06fdc9547f9866c7
Raptor WAF 0.6
Posted Apr 14, 2019
Authored by coolervoid

Raptor is a web application firewall written in C that uses a DFA to block SQL injection, cross site scripting, and path traversals.

Changes: Fixed error handlers. Improved and fixed all socket connections.
tags | tool, web, firewall, xss, sql injection
systems | unix
MD5 | 8e5555cd8660e9301c79a579e3ef6dbc
Jobberbase CMS 2.0 SQL Injection
Posted Apr 13, 2019
Authored by Suvadip Kar

Jobberbase CMS version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0b139228a74567c4bb7ed2d019950eb4
Ashop Shopping Cart Software SQL Injection
Posted Apr 9, 2019
Authored by Dogukan Karaciger

Ashop Shopping Cart Software suffers from a remote SQL injection vulnerability in bannedcustomers.php.

tags | exploit, remote, php, sql injection
MD5 | a9726e6a13c0a86e9804ac4e80b99eca
Jobgator SQL Injection
Posted Apr 6, 2019
Authored by Ahmet Umit Bayram

Jobgator suffers from a remote SQL injection vulnerability. Affects the latest version available as of March 5, 2019.

tags | exploit, remote, sql injection
MD5 | 69bf8b3a59e46a4eac02b681e979d552
Tradebox CryptoCurrency 5.4 SQL Injection
Posted Apr 5, 2019
Authored by Abdullah Celebi

Tradebox CryptoCurrency version 5.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 606d500c8655565617e3e1e3c70cb394
FreeSMS 2.1.2 SQL Injection
Posted Apr 4, 2019
Authored by Yilmaz Degirmenci

FreeSMS version 2.1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 316f4f93b8f9e38f9d63848a54a5780d
Clinic Pro 4 SQL Injection
Posted Apr 3, 2019
Authored by Abdullah Celebi

Clinic Pro version 4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 32484b0286331286855241babe0af4e2
Ashop Shopping Cart Software SQL Injection
Posted Apr 3, 2019
Authored by Ahmet Umit Bayram

Ashop Shopping Cart Software suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d4499d14d88a13079ce87ba6bb1f6575
iScripts ReserveLogic SQL Injection
Posted Apr 3, 2019
Authored by Ahmet Umit Bayram

iScripts ReserveLogic suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | be7da49728346e8c6d9d62648a014d7c
CMS Made Simple SQL Injection
Posted Apr 2, 2019
Authored by Daniele Scanu

CMS Made Simple versions prior to 2.2.10 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2019-9053
MD5 | a0581c61bf23afc88d6e6ed205385339
Inout EasyRooms Ultimate Edition 1.0 SQL Injection
Posted Apr 2, 2019
Authored by Ahmet Umit Bayram

Inout EasyRooms Ultimate Edition version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b6dcd1633f2af3ef4b87741c14c2d35b
Inout RealEstate SQL Injection
Posted Apr 2, 2019
Authored by Ahmet Umit Bayram

Inout RealEstate suffers from a remote SQL injection vulnerability. The version as of 2019/04/02 is affected.

tags | exploit, remote, sql injection
MD5 | ddeff203c187c9225b1eadc7bd25bbc8
SQLMAP - Automatic SQL Injection Tool 1.3.4
Posted Apr 1, 2019
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 1c8380669ea9d9d35dc6340928d1d738
Fiverr Clone Script 1.2.2 Cross Site Scripting / SQL Injection
Posted Apr 1, 2019
Authored by Mr Winst0n

Fiverr Clone Script version 1.2.2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | aa633fc8b896ed59cd8c18665450b533
Magento 2.3.0 SQL Injection
Posted Mar 29, 2019
Authored by Charles FOL

Magento versions 2.2.0 through 2.3.0 unauthenticated remote SQL injection exploit.

tags | exploit, remote, sql injection
MD5 | fd9d593a8b6ef880b62253bdde56c246
Job Portal 3.1 SQL Injection
Posted Mar 29, 2019
Authored by Mehmet Emiroglu

Job Portal version 3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ea89e98207f68fe80916e9852460d6e1
BigTree CMS 4.3.4 SQL Injection
Posted Mar 29, 2019
Authored by Mehmet Emiroglu

BigTree CMS version 4.3.4 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 6a38bc0643f90db9afb86befcc862891
Jettweb PHP Hazir Rent A Car Sitesi Scripti 2 SQL Injection
Posted Mar 29, 2019
Authored by Ahmet Umit Bayram

Jettweb PHP Hazir Rent A Car Sitesi Scripti version 2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 18f62a5e5ad9bc383565459c869d1942
Airbnb Clone Script (Homeybnb) SQL Injection
Posted Mar 28, 2019
Authored by Ahmet Umit Bayram

Airbnb Clone Script (Homeybnb) suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 79d64dc32237fe43c8d09e61953351f3
Jettweb Hazir Rent A Car Scripti 4 SQL Injection
Posted Mar 27, 2019
Authored by Ahmet Umit Bayram

Jettweb Hazir Rent A Car Scripti version 4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 90a98f8ae6a9c9f8c14d3285b5882c7e
XooDigital SQL Injection
Posted Mar 27, 2019
Authored by Ahmet Umit Bayram

XooDigital suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0e22247b2ccdca0ae95022869357cf17