Search the Community

Showing results for tags 'sql'.



Found 453 results

  1. phpKF version 1.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. View the full article
  2. Freelance Cockpit CRM version 3.3.1 suffers from a remote SQL injection vulnerability. View the full article
  3. Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. View the full article
  4. 1337day-Exploits

    Exploits DeepSound 1.0.4 SQL Injection

    DeepSound version 1.0.4 suffers from a remote SQL injection vulnerability. View the full article
  5. 1337day-Exploits

    Exploits CommSy 8.6.5 SQL Injection

    CommSy version 8.6.5 suffers from a remote SQL injection vulnerability. View the full article
  6. 1337day-Exploits

    Exploits PasteShr 1.6 SQL Injection

    PasteShr version 1.6 suffers from multiple remote SQL injection vulnerabilities. View the full article
  7. SOCA Access Control System version 180612 suffers from remote SQL injection vulnerabilities that allow for authentication bypass. View the full article
  8. 1337day-Exploits

    Exploits SalesERP 8.1 SQL Injection

    SalesERP version 8.1 suffers from a remote SQL injection vulnerability. View the full article
  9. 1337day-Exploits

    Exploits XOOPS CMS 2.5.9 SQL Injection

    XOOPS CMS version 2.5.9 suffers from a remote SQL injection vulnerability. View the full article
  10. WordPress Form Maker plugin version 1.13.3 suffers from a remote SQL injection vulnerability. View the full article
  11. itsMe

    SQL Dorks Generator

  12. 1337day-Exploits

    Exploits OpenProject 8.3.1 SQL Injection

    OpenProject versions 5.0.0 through 8.3.1 suffer from a remote SQL injection vulnerability. View the full article
  13. Extreme Sistemas CMS versions as of 2019/05/08 suffer from a remote SQL injection vulnerability. View the full article
  14. 1337day-Exploits

    Exploits PHPads 2.0 SQL Injection

    PHPads version 2.0 based on Pixelledads version 1.0 suffers from a remote SQL injection vulnerability. View the full article
  15. microASP (Portal+) CMS suffers from a remote SQL injection vulnerability. View the full article
  16. Instagram Auto Follow suffers from a remote SQL injection vulnerability that allows for authentication bypass. View the full article
  17. Introduction

    SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine and many features for penetration testers. SQLMap is capable of database fingerprinting, fetching data from the databases, accessing the database file systems, running different commands on the target server, etc.

    SQLmap: Automatic SQL Injection Tool

    This very powerful exploitation tool is developed in Python and it’s FREE to use. It requires Python version 2.6.x or 2.7.x and comes preinstalled on Kali Linux, but can be run on any platform.

    Features

    SQLmap has many features divided into 3 groups:

    • GENERIC FEATURES
    • FINGERPRINT AND ENUMERATION FEATURES
    • TAKEOVER FEATURES

    We’ll list some of them here:

    • Full support for: MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
    • Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
    • Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
    • Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
    • Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
    • Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.
    • Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns’ names contain strings like name and pass.
    • Capable of downloading and uploading any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
    • Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
    • Ability to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user’s choice.
    • Support for database process’ user privilege escalation via Metasploit’s Meterpreter getsystem command.
  18. ScanQLi is a simple SQL injection scanner with some additional features. This tool can't exploit the SQLi, it just detects them. Tested on Debian 9.

    Features

    • Classic
    • Blind
    • Time based
    • GBK (soon)
    • Recursive scan (follow all hrefs of the scanned web site)
    • Cookies integration
    • Adjustable wait delay between requests
    • Ignore given URLs
  19. This Metasploit module will execute an arbitrary payload on an "ESEL" server used by the AIS logistic software. The server typically listens on port 5099 without TLS. There could also be a server listening on 5100 with TLS, but port 5099 is usually always open. The login process is vulnerable to an SQL injection. Usually a MSSQL Server with the 'sa' user is in place. This module was verified on version 67 but it should also run on lower versions. A fixed version was created by AIS in September 2017. However, most systems have not been updated. In regard to the payload, unless there is a closed port in the web server, you don't want to use any "bind" payload. You want a "reverse" payload, probably to your port 80 or to any other outbound port allowed on the firewall. Currently, one delivery method is supported. This method takes advantage of the Command Stager subsystem. This allows using various techniques, such as using a TFTP server, to send the executable. By default the Command Stager uses 'wcsript.exe' to generate the executable on the target. NOTE: This module will leave a payload executable on the target system when the attack is finished. View the full article
  20. Joomla ARI Quiz version 3.7.4 suffers from a remote SQL injection vulnerability. View the full article
  21. This Metasploit module exploits SQL injection and command injection vulnerabilities in ManageEngine AM versions 14 and below. View the full article
  22. This Metasploit module exploits SQL injection and command injection vulnerabilities in ManageEngine AM 14 and prior versions. An unauthenticated user can gain the authority of "system" on the server due to the SQL injection vulnerability. The exploit allows the writing of the desired file to the system using the postgresql structure. The module is written over the payload by selecting a file with the extension ".vbs" that is used for monitoring by ManageEngine, which works with "system" authority. In addition, it dumps the users and passwords from the database for us. After the harmful ".vbs" file is written, the shell session may be a bit late. View the full article
  23. 1337day-Exploits

    Exploits Jobberbase CMS 2.0 SQL Injection

    Jobberbase CMS version 2.0 suffers from a remote SQL injection vulnerability. View the full article
  24. Ashop Shopping Cart Software suffers from a remote SQL injection vulnerability in bannedcustomers.php. View the full article