Tags archives: sql-injection

Joomla Content History SQL Injection Remote Code Execution

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ##   require 'msf/core'   class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking   include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper   def initialize(info={}) super(update_info(info, 'Name' => "Joomla Content History SQLi Remote Code Execution", 'Description' => %q{ This module exploits a SQL injection vulnerability found in Joomla versions [...]

 


WP Fastest Cache 0.8.4.8 Blind SQL Injection

# Exploit Title: WP Fastest Cache 0.8.4.8 Blind SQL Injection # Date: 11-11-2015 # Software Link: https://wordpress.org/plugins/wp-fastest-cache/ # Exploit Author: Kacper Szurek # Contact: http://twitter.com/KacperSzurek # Website: http://security.szurek.pl/ # Category: webapps   1. Description   For this vulnerability, WP-Polls also needs to be installed.   Everyone can access wpfc_wppolls_ajax_request().   $_POST["poll_id"] is not escaped properly. [...]

 


WordPress Pie Register 2.0.18 SQL Injection

Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7682 (Pending) CVSS: 3.5 (Low; AV:N/AC:M/Au:S/C:P/I:N/A:N) CWE: CWE-89   Description ================ Two blind SQL injection vulnerabilities in Pie Register 2.0.18 allow SQL injection by admins leading to loss of database confidentiality. Pie Register is a WordPress plugin with over 10,000 active installs.   Vulnerabilities ================ [...]

 


Joomla JNews SQL Injection

# Description of the component: Reach, engage and delight more customers with newsletters, auto-responders or campaign management.   ################################################################################################## # Exploit Title: [Joomla component com_jnews - SQL injection] # Google Dork: [inurl:option=com_jnews] # Date: [2015-10-29] # Exploit Author: [Omer Ramić] # Twitter: https://twitter.com/sp_omer # Vendor Homepage: [http://www.joobi.co/] # Software Link: [http://www.joobi.co/index.php?option=com_content&view=article&id=8652&Itemid=3031] # Version: [8.5.1] & [...]

 


WordPress Unite Gallery Lite 1.4.6 CSRF / SQL Injection

# Title: Cross-Site Request Forgery & SQL Injection Vulnerabilities in Unite Gallery Lite Wordpress Plugin v1.4.6 # Submitter: Nitin Venkatesh # Product: Unite Gallery Lite Wordpress Plugin # Product URL: https://wordpress.org/plugins/unite-gallery-lite/ # Vulnerability Type: Cross-site Request Forgery [CWE-352], Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')[CWE-89] # Affected Versions: v1.4.6 and [...]