Blog Posts - Sql Injection



DDoS attacks and SQL Injections Explained

In most articles about hacking you usually follow attacks by groups like Anonymous, LulzSec and AntiSec. You have also heard about websites and platforms that have been hacked, such as Sony earlier this year, for example. But are you aware of the methods...
by Tech Holics Blog on May 16, 2016

Joomla Content History SQL Injection Remote Code Execution

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ##   require 'msf/core'   class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking   incl...
by MondoUnix on Nov 21, 2015

WP Fastest Cache 0.8.4.8 Blind SQL Injection

# Exploit Title: WP Fastest Cache 0.8.4.8 Blind SQL Injection # Date: 11-11-2015 # Software Link: https://wordpress.org/plugins/wp-fastest-cache/ # Exploit Author: Kacper Szurek # Contact: http://twitter.com/KacperSzurek # Website: http://security.sz...
by MondoUnix on Nov 13, 2015

WordPress Pie Register 2.0.18 SQL Injection

Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7682 (Pending) CVSS: 3.5 (Low; AV:N/AC:M/Au:S/C:P/I:N/A:N) CWE: CWE-89   Description ================ Two blind S...
by MondoUnix on Nov 1, 2015

Joomla JNews SQL Injection

# Description of the component: Reach, engage and delight more customers with newsletters, auto-responders or campaign management.   ################################################################################################## # Exploit Tit...
by MondoUnix on Oct 31, 2015

WordPress Count Per Day 3.4 SQL Injection

Advisory ID: HTB23267 Product: Count Per Day WordPress plugin Vendor: Tom Braider Vulnerable Version(s): 3.4 and probably prior Tested Version: 3.4 Advisory Publication: July 1, 2015 [without technical details] Vendor Notification: July 1, 2015 Vendo...
by MondoUnix on Aug 14, 2015

WordPress Unite Gallery Lite 1.4.6 CSRF / SQL Injection

# Title: Cross-Site Request Forgery & SQL Injection Vulnerabilities in Unite Gallery Lite Wordpress Plugin v1.4.6 # Submitter: Nitin Venkatesh # Product: Unite Gallery Lite Wordpress Plugin # Product URL: https://wordpress.org/plugins/unite-galle...
by MondoUnix on Aug 14, 2015

WordPress WP-PowerPlayGallery 3.3 File Upload / SQL Injection

Title: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-27 Download Site: https://wordpress.org/plugins/wp-powerplaygallery Vendor: WP SlideShow Vendor Notifi...
by MondoUnix on Jul 16, 2015

Joomla Docman Path Disclosure / Local File Inclusion

# Joomla docman Component 'com_docman' Full Path Disclosure(FPD) & Local File Disclosure/Include(LFD/LFI) # CWE: CWE-200(FPD) CWE-98(LFI/LFD) # Risk: High # Author: Hugo Santiago dos Santos # Contact: hugo.s@linuxmail.org # Date: 13/07/2015 # Ven...
by MondoUnix on Jul 16, 2015

WordPress Easy2Map-Photos 1.09 SQL Injection

Title: SQL Injection in easy2map-photos wordpress plugin v1.09 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map-photos Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.1.0 Vendo...
by MondoUnix on Jul 13, 2015

WordPress CP Contact Form With Paypal 1.1.5 CSRF / XSS / SQL Injection

# Title: Cross-Site Request Forgery, Cross-Site Scripting and SQL Injection in CP Contact Form with Paypal Wordpress Plugin v1.1.5 # Submitter: Nitin Venkatesh # Product: CP Contact Form with Paypal Wordpress Plugin # Product URL: https://wordpress.o...
by MondoUnix on Jul 13, 2015

Joomla J2Store 3.1.6 SQL Injection

J2Store v3.1.6, a Joomla! extension that adds basic store functionality to a Joomla! instance, suffered from two unauthenticated boolean-blind and error-based SQL injection vulnerabilities. Since February 2015, J2Store has had about 16,000 downloads...
by MondoUnix on Jul 13, 2015

WordPress Booking Calendar Contact Form 1.0.2 XSS / SQL Injection

# Exploit Title: WordPress Booking Calendar Contact Form 1.0.2[Multiple vulnerabilities] # Date: 2015-05-01 # Google Dork: Index of /wordpress/wp-content/plugins/booking-calendar-contact-form/ # Exploit Author: Joaquin Ramirez Martinez [ i0akiN SEC-L...
by MondoUnix on Jun 19, 2015

WordPress Media File Manager Advanced 1.1.5 XSS / SQL Injection

Description   "media-file-manager-advanced" suffers from executing administrator actions by any authenticated user due to weak permissions checking. An attacker can delete/update posts, Creating/Removing/Listing Directories, Moving/Renam...
by MondoUnix on Jun 19, 2015

WordPress NewStatPress 0.9.8 Cross Site Scripting / SQL Injection

# Title: Multiple vulnerabilities in WordPress plugin "NewStatPress" # Author: Adrián M. F. - adrimf85[at]gmail[dot]com # Date: 2015-05-25 # Vendor Homepage: https://wordpress.org/plugins/newstatpress/ # Active installs: 20,000+ # Vulnerable...
by MondoUnix on Jun 19, 2015

WordPress Freshmail 1.5.8 SQL Injection

------------------------ ISSUE 1:     # Exploit Title: Unauthenticated SQL Injection on Wordpress Freshmail (#1) # Google Dork: N/A # Date: 05/05/2015 # Exploit Author: Felipe Molina de la Torre (@felmoltor) # Vendor Homepage: *http://fresh...
by MondoUnix on May 15, 2015

WordPress Ultimate Product Catalogue 3.1.2 SQL Injection

-------- ISSUE 1:   # Exploit Title: Unauthenticated SQLi in Item_ID POST parameter on Ultimate Product Catalogue wordpress plugin # Google Dork: inurl:"SingleProduct" intext:"Back to catalogue" intext:"Category", inurl:&...
by MondoUnix on May 15, 2015

WordPress NEX-Forms 3.0 SQL Injection SQLMAP

######################   # Exploit Title : NEX-Forms 3.0 SQL Injection Vulnerability   # Exploit Author : Claudio Viviani   # Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 (Full HomelabIT Vulns Archive) ...
by MondoUnix on Apr 24, 2015

WordPress NEX-Forms 3.0 SQL Injection inurlbr

# SCRIPT AUTHOR: Cleiton Pinheiro / Nick: googleINURL # Exploit name: MINI 3xplo1t-SqlMap - WordPress NEX-Forms 3.0 SQL Injection Vulnerability # Type: SQL Injection # Email: inurlbr@gmail.com # Blog: http://blog.inurl.com.br # Twitter: https://twitte...
by MondoUnix on Apr 24, 2015

WordPress Video Gallery 2.8 SQL Injection

######################   # Exploit Title : Wordpress Video Gallery 2.8 SQL Injection Vulnerability   # Exploit Author : Claudio Viviani   # Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery  ...
by MondoUnix on Apr 22, 2015

