Collaborate Disseminate
we have found SQL injection on a PostgreSQL database. Stacked and UNION payloads. We have created a table to store data as needed and the UNION to extract either from the table or to pull out data such as version()
So, I learned about data… Continue reading Using database_to_xml in SQL Injection on PostgreSQL doesn’t show data
An unauthenticated SQL injection vulnerability in Halo ITSM could have been exploited to read, modify, or insert data.
The post Halo ITSM Vulnerability Exposed Organizations to Remote Hacking appeared first on SecurityWeek.
Continue reading Halo ITSM Vulnerability Exposed Organizations to Remote Hacking
I want to test a web-app to check if it protected from SQLi or not. Username requires an email address and login button doesn’t work until the email address is in a valid format.
Which means there’s no possibility to use ‘ or 1=1 — in the… Continue reading How to test SQLi on web-app that requires a certain input format? [closed]
I want to test a web-app to check if it protected from SQLi or not.
Username is email address and login page doesn’t prompt to login until the email address is (like abc@google.com etc.) and password.
Which means there’s no login prompt wi… Continue reading How to check SQLi on which username is based on email address [closed]
I have found a WordPress site where the WP scanner provided me with:
[!] Title: Realtyna Organic IDX plugin < 4.14.8 – Unauthenticated SQLi
| Fixed in: 4.14.8
| References:
| – https://wpscan.com/vulnerability/d22a60bc-b… Continue reading How this SQL injection vulnerability could cause problems? [closed]
I’m starting out as a bug bounty hunter and found a website that might have a problem yet I’m unsure if its exploitable or not.
When sending any payload that contains % I get an error:
Invalid query parameters: invalid %-encoding (21%)
XE Group, a cybercriminal outfit that has been active for over a decade, has been quietly exploiting zero-day vulnerabilities (CVE-2025-25181, CVE-2024-57968) in VeraCore software, a popular solution for warehouse management and order fulfillment. Acco… Continue reading Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968)
I have set up a virtual lab using VMware with the following machines:
Ubuntu (Running Snort for intrusion detection)
Kali Linux (Used as the attacking machine)
Metasploitable 2 (Hosting Mutilidae, a vulnerable web application)
All machin… Continue reading Snort Not Detecting SQL Injection Attempts on Mutilidae [closed]
VMware warns that a malicious user with network access may be able to use specially crafted SQL queries to gain database access.
The post VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer appeared first on SecurityWeek.
Continue reading VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer
I’m trying to configure Snort (version 2.9.20) to detect SQL injection attempts. I’ve set up Apache2, PHP (8.3.6), MySQL (8.0.40), and Mutillidae to simulate SQL injection attacks via a form. While Snort successfully detects ICMP (ping) an… Continue reading Snort not detecting SQL injection alerts despite proper configuration