exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 16,739 RSS Feed

SQL Injection Files

Zabbix toggle_ids SQL Injection
Posted Aug 31, 2024
Authored by bperry, 1N3 | Site metasploit.com

This Metasploit module will exploit a SQL injection in Zabbix 3.0.3 and likely prior in order to save the current usernames and password hashes from the database to a JSON file.

tags | exploit, sql injection
advisories | CVE-2016-10134
SHA-256 | 2ebbd2d691dd7508785002385cab0f09585ac3584018b08791e074e76431981a
AlienVault Authenticated SQL Injection Arbitrary File Read
Posted Aug 31, 2024
Authored by Chris Hebert | Site metasploit.com

AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against newpolicyform.php, using the insertinto parameter. This Metasploit module exploits the vulnerability to read an arbitrary file from the file system. Any authenticated user is able to exploit this, as administrator privileges are not required.

tags | exploit, arbitrary, php, sql injection
advisories | CVE-2014-5383
SHA-256 | 47041a9a098122925ec54b3140188d51933adc560f06bb113f6adbbff41e40a1
Pimcore Gather Credentials via SQL Injection
Posted Aug 31, 2024
Authored by Shelby Pace, N. Rai-Ngoen, Thongchai Silpavarangkura | Site metasploit.com

This Metasploit module extracts the usernames and hashed passwords of all users of the Pimcore web service by exploiting a SQL injection vulnerability in Pimcores REST API. Pimcore begins to create password hashes by concatenating a users username, the name of the application, and the users password in the format USERNAME:pimcore:PASSWORD. The resulting string is then used to generate an MD5 hash, and then that MD5 hash is used to create the final hash, which is generated using PHPs built-in password_hash function.

tags | exploit, web, php, sql injection
advisories | CVE-2018-14058
SHA-256 | a1fac0dca0eb708a1348babebd5e4be27016a27680c8d2967d94171f313a98ca
SuiteCRM Authenticated SQL Injection
Posted Aug 31, 2024
Authored by Exodus Intelligence, Redouane Niboucha, jheysel-r7 | Site metasploit.com

This Metasploit module exploits an authenticated SQL injection in SuiteCRM in versions before 7.12.6. The vulnerability allows an authenticated attacker to send specially crafted requests to the export entry point of the application in order to retrieve all the usernames and their associated password from the database.

tags | exploit, sql injection
SHA-256 | 668d40628faf73dd32554ae84c36e46a6ae67a8a8d4b003f7fec6bd01f8d03a0
vBulletin Password Collector via nodeid SQL Injection
Posted Aug 31, 2024
Authored by sinn3r, juan vazquez, Orestis Kourides | Site metasploit.com

This Metasploit module exploits a SQL injection vulnerability found in vBulletin 5 that has been used in the wild since March 2013. This Metasploit module can be used to extract the web applications usernames and hashes, which could be used to authenticate into the vBulletin admin control panel.

tags | exploit, web, sql injection
advisories | CVE-2013-3522
SHA-256 | 9953eec6fb67362ca052bf437373a2bec59f84c7bb8d3f92c3865a42e0402bf8
Solarwinds Orion AccountManagement.asmx GetAccounts Admin Creation
Posted Aug 31, 2024
Authored by Brandon Perry | Site metasploit.com

This Metasploit module exploits a stacked SQL injection in order to add an administrator user to the SolarWinds Orion database.

tags | exploit, sql injection
advisories | CVE-2014-9566
SHA-256 | 093acbf207ec9ea4bf6637a74dfccd18178c65093dbf4078f9c5d6f9416237f6
Joomla weblinks-categories Unauthenticated SQL Injection / Arbtirary File Read
Posted Aug 31, 2024
Authored by Brandon Perry | Site metasploit.com

Joomla versions 3.2.2 and below are vulnerable to an unauthenticated SQL injection which allows an attacker to access the database or read arbitrary files as the mysql user. This Metasploit module will only work if the mysql user Joomla is using to access the database has the LOAD_FILE permission.

tags | exploit, arbitrary, sql injection
SHA-256 | e4f0efe9190cb160490dfa35a3813627e3c34903da6ee95ecf2826d34ac1a7b8
MongoDB NoSQL Collection Enumeration Via Injection
Posted Aug 31, 2024
Site metasploit.com

This Metasploit module can exploit NoSQL injections on MongoDB versions less than 2.4 and enumerate the collections available in the data via boolean injections.

tags | exploit, sql injection
SHA-256 | 23d57b4a76867f69c9b2084cf4f1230f9ee16bbfab1ca8236fb783e1ca3485e3
Progress Software WhatsUp Gold SQL Injection
Posted Aug 31, 2024
Authored by SinSinology | Site github.com

Progress Software WhatsUp Gold versions prior to 2024.0.0 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2024-6670
SHA-256 | d2643d3ed23cb223e7dc521c6848e801ebb910bcdd26246c0e58de40bcbd3c44
File Management System 1.0 SQL Injection
Posted Aug 29, 2024
Authored by indoushka

File Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 84d5093da25f3b74750013b5d2574ef53e8e965cf254aa1de6a7c732b13475ff
Red Hat Security Advisory 2024-5856-03
Posted Aug 27, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-5856-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include HTTP request smuggling, bypass, code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, remote, web, denial of service, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2019-9511
SHA-256 | ea36a11f364c1db6f9484d33a2e95c47d8f1805c6c7b8b0a3240836892eac85d
Medical Center Portal 1.0 SQL Injection
Posted Aug 27, 2024
Authored by indoushka

Medical Center Portal version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | 4d30a67a0ab94c8ceed55ef0165e2eedf1d276131b5341cfc581bf2954c04b02
Marc@TMS CMS 1.0 SQL Injection
Posted Aug 27, 2024
Authored by indoushka

Marc@TMS CMS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7ce945e9ee9f63f544cbc47b68b4b3e53cc949f2005470d47eb077108c13828c
Login System Project 1.0 SQL Injection
Posted Aug 27, 2024
Authored by indoushka

Login System Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | 6246efe507f796ffbcf438b89a4e64415367c7c634bcb20d80f59a253f813619
Loan Management System 1.0 SQL Injection
Posted Aug 26, 2024
Authored by indoushka

Loan Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | ed75910910f3f594bf680ca801e599334e60fa3ca166470f03bfa31c27d4c6c4
Employee Record Management System 1.0 SQL Injection
Posted Aug 26, 2024
Authored by indoushka

Employee Record Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | 48f74abd4ae2b0a4eefcbc41869e56c73b5b26ad8ea6f55bc7ef2939ebb312a7
DETS Project 1.0 SQL Injection
Posted Aug 26, 2024
Authored by indoushka

DETS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | 8e871e7f49c2379860d7b67c7b6819a9dfb93577e9139f8863c582714f30982a
School Log Management System 1.0 SQL Injection / Code Execution
Posted Aug 26, 2024
Authored by indoushka

School Log Management System version 1.0 suffers from a WYSIWYG code injection vulnerability.

tags | exploit, remote, code execution, sql injection
SHA-256 | 8ecbd78cc0fd66ac18a830457819fd7e6bc3280127a89e27f97777b39eda5335
Simple College Website 1.0 SQL Injection / Code Execution
Posted Aug 26, 2024
Authored by indoushka

Simple College Website version 1.0 appears to suffers from a remote SQL injection vulnerability that allows an attacker to achieve code execution.

tags | exploit, remote, code execution, sql injection
SHA-256 | 87a1f018cc026cf0415cd9dc7a48aea9bae4864d8fd6cadcb7d274baaacf9e4b
Company Visitor Management 1.0 SQL Injection
Posted Aug 23, 2024
Authored by indoushka

Company Visitor Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | a3ae790e1f332d8ff787915e2feb853d7c3e614aeaea67361861ea7d18bb27df
Client Management System 1.0 SQL Injection
Posted Aug 23, 2024
Authored by indoushka

Client Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | 25d183ad1ab808d8eb37c605403875c32f55a1eb9742ca2f0a1e77e0b7ce0951
CCMS Project 1.0 SQL Injection
Posted Aug 23, 2024
Authored by indoushka

CCMS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | de9151d5ff302677fb5da77053693b392b8644cb6845abb56a920fd62a7f579c
Biobook Social Networking Site 1.0 SQL Injection
Posted Aug 23, 2024
Authored by indoushka

Biobook Social Networking Site version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | fa0e4caf860abda8bbabc5103e38c78e393907f876e4a4b9d5dd3cb7513396cf
DIAEnergie 1.10 SQL Injection
Posted Aug 22, 2024
Authored by Michael Heinzl, Tenable | Site metasploit.com

This Metasploit module exploit a remote SQL injection vulnerability in the CBEC service of DIAEnergie versions 1.10 and below from Delta Electronics. The commands will get executed in the context of NT AUTHORITY\SYSTEM.

tags | exploit, remote, sql injection
advisories | CVE-2024-4548
SHA-256 | bc4decf9aef605b2aae1085d9e9000478f002049033c464b464f96b76bc2de05
AVMS Project 1.0 SQL Injection
Posted Aug 22, 2024
Authored by indoushka

AVMS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | 44299386859b222bfbf61e5b31081de5872353d1be32639a637563ae9c557c3f
Page 5 of 670
Back34567Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close