The Latest Infosec News, Tools, and Exploits – Got Root?
# Title: WordPress Plugin Pie Register < 3.0.9 – Blind SQL Injection # Author: Manuel García Cárdenas # Date: 2018-05-10 # Software: WordPress Plugin Pie Register 3.0.9 # CVE: CVE-2018-10969 # I. VULNERABILITY # WordPress […]
# Exploit Title: Schools Alert Management Script – SQL Injection # Date: 2018-06-07 # Vendor Homepage: https://www.phpscriptsmall.com/ # Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ # Category: Web Application # Exploit Author: M3@Pandas # Web: https://github.com/unh3x/just4cve/issues/2 # Tested on: […]
# Exploit Title: Joomla! Component EkRishta 2.10 – ‘username’ SQL Injection # Date: 2018-06-11 # Exploit Author: L0RD # Software Link: https://extensions.joomla.org/extension/ek-rishta/ # Vendor Homepage: https://www.joomlaextensions.co.in/ # Version: 2.10 # Tested on: Win 10 # […]
# Exploit Title: Smartshop 1 – SQL Injection # Date: 2018-06-02 # Exploit Author: L0RD or borna.nematzadeh123@gmail.com # Software Link: https://github.com/smakosh/Smartshop/archive/master.zip # Vendor Homepage: https://www.behance.net/gallery/49080415/Smartshop-Free-e-commerce-website # Version: 1 # Tested on: Kali linux ================================================= # […]
Exploit Title: SQL Injection Vulnerability in Issue Trak <= 7.0 (Possibly applicable up to version 9.7) Date: 05-28-2018 Vendor Homepage: http://issuetrak.com Version: Confirmed 7.0; <= 7.0 extremely likely; up to 9.7 very likely Google Dork: […]
# Exploit Title: Facebook Clone Script 1.0.5 – ‘search’ SQL Injection # Date: 2018-05-29 # Exploit Author: L0RD # Vendor Homepage: https://www.phpscriptsmall.com/product/facebook-clone/ # Version: 1.0.5 # Tested on: Win 10 # POC : SQLi : […]
# Exploit Title: Easy File Uploader 1.7 – SQL Injection / Cross-Site Scripting # Dork: N/A # Date: 22.05.2018 # Exploit Author: Özkan Mustafa Akkuş (AkkuS) # Vendor Homepage: https://codecanyon.net/item/easy-file-uploader-php-multiple-uploader-with-file-manager/17222287 # Version: 1.4 / fourth […]
# Exploit Title: Zechat 1.5 – ‘hashtag’ / ‘v’ SQL Injection / Cross site request forgery # Date: 2018-05-22 # Exploit Author: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com # Vendor Homepage: https://bylancer.com # Version: 1.5 # […]
# Exploit Title: PaulPrinting CMS Printing 1.0 – SQL Injection # Exploit Date: 2018-05-19 # Software Link: https://codecanyon.net/item/paulprinting-cms-printing-solutions/19546365 # Author: Mehmet Onder Key # Version: 1.0 # Tested On: Linux # 1. Description # Any […]
# Exploit Title: Nordex N149/4.0-4.5 Wind Turbine Web Server – SQL Injection # Date: 21-05-2018 # Exploit Author: t4rkd3vilz # Vendor Homepage: http://www.nordex-online.com # Tested on: Windows # Version: N149/4.0-4.5 Wind Turbine # Category: webapps […]
