what you don't know can hurt you
Showing 76 - 100 of 15,467 RSS Feed

SQL Injection Files

Online Birth Certificate System 1.0 SQL Injection / Code Execution
Posted Jul 13, 2020
Authored by gh1mau

Online Birth Certificate System version 1.0 suffers from a remote SQL injection vulnerability that allows for remote code execution.

tags | exploit, remote, code execution, sql injection
MD5 | 8686f693fd67555f6d54e14a72b3fe5e
Curfew e-Pass Management System 1.0 SQL Injection
Posted Jul 13, 2020
Authored by gh1mau

Curfew e-Pass Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6b76477e92acc98d1345ad010620095b
Small CRM 2.0 SQL Injection
Posted Jul 13, 2020
Authored by gh1mau

Small CRM version 2.0 suffers from a remote SQL injection vulnerability. This version was first discovered to have a different SQL injection vulnerability in January of 2020 by FULLSHADE.

tags | exploit, remote, sql injection
MD5 | e2a6100a69d47dc71b098300c3b27e42
User Registration And Login And User Management System 2.1 SQL Injection
Posted Jul 13, 2020
Authored by gh1mau

User Registration and Login and User Management System with admin panel version 2.1 suffers from multiple remote SQL injection vulnerabilities. One allows for authentication bypass.

tags | exploit, remote, vulnerability, sql injection
MD5 | c668e96ed58cfdd4c4e8f03e2b5ef9b1
Online Polling System SQL Injection
Posted Jul 13, 2020
Authored by AppleBois

Online Polling System from sourcecodester.com suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 9e30ab465c9d253749cfe43c8faad4fc
Park Ticketing Management System 1.0 SQL Injection
Posted Jul 13, 2020
Authored by gh1mau

Park Ticketing Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. These can be used to bypass login and execute code.

tags | exploit, remote, vulnerability, sql injection
MD5 | cdb2a6a4449ebd4de077e84c9ac8cbca
Online DJ Booking Management System Project Report 1.0 SQL Injection / Code Execution
Posted Jul 12, 2020
Authored by gh1mau

Online DJ Booking Management System Project Report version 1.0 remote SQL injection exploit that achieves code execution.

tags | exploit, remote, code execution, sql injection
MD5 | a9e41d63dd700e9847b63f161dcb8bf8
Responsive Online Blog 1.0 SQL Injection
Posted Jul 12, 2020
Authored by Eren Simsek, gh1mau

Responsive Online Blog version 1.0 remote SQL injection proof of concept exploit. Original discovery of the vulnerability is attributed to Eren Simsek.

tags | exploit, remote, sql injection, proof of concept
MD5 | e18068189f7566f8324003f0d4a76456
Barangay Management System 1.0 SQL Injection
Posted Jul 10, 2020
Authored by BKpatron

Barangay Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
MD5 | 9e2e4c2e400cf28065cec0ee5b40156a
Impress CMS 1.4.0 Code Execution / SQL Injection
Posted Jul 10, 2020
Authored by AppleBois

Impress CMS version 1.4.0 has an issue where an authenticated user can make use of the AutoTask feature to execute php code, allowing for remote SQL injection and remote code execution.

tags | exploit, remote, php, code execution, sql injection
MD5 | b5f8c806b5bde139ab34a7e35d46ad18
Online Shopping Portal 3.1 SQL Injection
Posted Jul 7, 2020
Authored by gh1mau

Online Shopping Portal version 3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 99b25ef0edc956f2d119709e1808ff68
openSIS 7.4 Unauthenticated PHP Code Execution
Posted Jul 6, 2020
Authored by EgiX | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which should require the user to be authenticated, and a local file inclusion to reach a SQL injection vulnerability which results in execution of arbitrary PHP code due to an unsafe use of the eval() function.

tags | exploit, arbitrary, local, php, vulnerability, sql injection, file inclusion
advisories | CVE-2020-13381, CVE-2020-13382, CVE-2020-13383
MD5 | 07a638401a07dae3fe0cc15b5a196965
rauLink Software Domotica Web 2.0 SQL Injection
Posted Jul 6, 2020
Authored by LiquidWorm | Site zeroscience.mk

rauLink Software Domotica Web version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, web, sql injection
MD5 | 2e87055a57f33f9b29edeaf78101e3e4
SQLMAP - Automatic SQL Injection Tool 1.4.7
Posted Jul 1, 2020
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Bug fixes.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 0013f2e6caa2f485ba5ab824129df1bd
e-learning PHP Script 0.1.0 SQL Injection
Posted Jul 1, 2020
Authored by KeopssGroup0day Inc

e-learning PHP Script version 0.1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | d3535b2b5828fb6373c1ce7b70ade504
Joomla J2 JOBS 1.3.0 SQL Injection
Posted Jul 1, 2020
Authored by Mehmet Kelepce

Joomla J2 JOBS version 1.3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b6e9ae8593077a217b83d68d97b8210c
Online Shopping Portal 3.1 SQL Injection / Shell Upload
Posted Jul 1, 2020
Authored by Umit Yalcin

Online Shopping Portal version 3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass as well as a shell upload.

tags | exploit, remote, shell, sql injection
MD5 | a413dd610290694b938f4df3d35a392d
openSIS 7.4 SQL Injection
Posted Jun 30, 2020
Authored by EgiX | Site karmainsecurity.com

openSIS versions 7.4 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2020-13380, CVE-2020-13381
MD5 | a2debfb35200111f560b317b09d7483a
Reside Property Management 3.0 SQL Injection
Posted Jun 30, 2020
Authored by AmirMohammad Safari, Ashkan Moghaddas

Reside Property Management version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 20d62d2e1faf26cc920d947813905186
Responsive Online Blog 1.0 SQL Injection
Posted Jun 23, 2020
Authored by Eren Simsek

Responsive Online Blog version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 19e8f36d67f7fb0e83cc09a4e6b3d12f
Beauty Parlour Management System 1.0 SQL Injection
Posted Jun 19, 2020
Authored by Prof. Kailas Patil

Beauty Parlour Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 00ce345433235e748d1215b0d44eca14
Agent Tesla Panel Remote Code Execution
Posted Jun 18, 2020
Authored by Ege Balci, mekhalleh, gwillcox-r7 | Site metasploit.com

This Metasploit module exploits a command injection vulnerability within the Agent Tesla control panel, in combination with an SQL injection vulnerability and a PHP object injection vulnerability, to gain remote code execution on affected hosts. Panel versions released prior to September 12, 2018 can be exploited by unauthenticated attackers to gain remote code execution as user running the web server. Agent Tesla panels released on or after this date can still be exploited however, provided that attackers have valid credentials for the Agent Tesla control panel. Note that this module presently only fully supports Windows hosts running Agent Tesla on the WAMP stack. Support for Linux may be added in a future update, but could not be confirmed during testing.

tags | exploit, remote, web, php, code execution, sql injection
systems | linux, windows
MD5 | d4d981962d4baab56ec1e03af0dd4132
Cayin xPost 2.5 SQL Injection / Remote Code Execution
Posted Jun 18, 2020
Authored by LiquidWorm, h00die | Site metasploit.com

This Metasploit module exploits an unauthenticated remote SQL injection vulnerability in Cayin xPost versions 2.5 and below. The wayfinder_meeting_input.jsp file's wayfinder_seqid parameter can be injected blindly. Since this app bundles MySQL and Apache Tomcat the environment is pretty static and therefore the default settings should work. Results in SYSTEM level access. Only the java/jsp_shell_reverse_tcp and java/jsp_shell_bind_tcp payloads seem to be valid.

tags | exploit, java, remote, sql injection
advisories | CVE-2020-7356
MD5 | 0bce693076ed6cfe035781e990db745d
Gila CMS 1.1.18.1 SQL Injection / Shell Upload
Posted Jun 18, 2020
Authored by th3d1gger, Carlos Ramirez L | Site metasploit.com

This Metasploit module exploits a remote SQL injection vulnerability in the "query" parameter found on Gila CMS version 1.1.18.1.

tags | exploit, remote, sql injection
advisories | CVE-2020-5515
MD5 | 6a3f9be42f383ba346b83ee2807e1072
College-Management-System-Php 1.0 SQL Injection
Posted Jun 18, 2020
Authored by BLAY ABU SAFIAN

College-Management-System-Php version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
MD5 | fedd77cb039b3c893f4bfd8b2086e2ca
Page 4 of 619
Back23456Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close