Blog Posts
-
Art Gallery Management System Project v1.1 - SQL Injection
Exploit Title: Art Gallery Management System Project v1.1 - SQL Injection Application: Art Gallery Management System Google Dork: N/A Date: 16.03.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/ Version: 1.1 Tested on: Windows 10 64 bit Wampserver Vulnerability Details Application Name: Art Gallery Management System...
-
Art Gallery Management System Project v1.1 - Reflected Cross-Site Scripting (XSS)
Exploit Title: Art Gallery Management System Project v1.1 - Reflected Cross-Site Scripting (XSS) Application: Art Gallery Management System Google Dork: N/A Date: 16.03.2024 Bugs: Reflected XSS Exploit Author: SoSPiro Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/ Version: 1.1 Tested on: Windows 10 64 bit Wampserver Vulnerability Details Application Name: Art Gallery...
-
Membership Management System SQL injection + Insecure File Upload = Remote Code Execution
Creating and operating a demo environment -> link <- SQL injection Vulnerability details : -> SQL injection <- File upload Vulnerability: The provided code is part of a Membership Management System. It contains a vulnerability known as “Insecure File Upload.” Insecure File Upload vulnerabilities arise when a web application allows...
-
Membership Management System - SQL injection
Title: Membership Management System - SQL injection Application: Membership Management System Date: 01.03.2024 Bugs: SQL injection Exploit Author: SoSPiro Vendor Homepage: https://codeastro.com/author/nbadmin/ Software Link: https://codeastro.com/membership-management-system-in-php-with-source-code/ Version: 1.0 Tested on: Windows 10 64 bit Wampserver Vulnerability Description: The provided payload in the POST request indicates a potential SQL injection vulnerability. Specifically,...
-
Hospital Management System 1.0 Insecure Direct Object Reference / Account Takeover
Exploit Title: Hospital Management System - IDOR + Account Takeover Application: Hospital Management System Date: 27.02.2024 Bugs: IDOR + Account Takeover Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/16720/free-hospital-management-system-small-practices.html Version: 1.0 Tested on: Windows 10 64 bit Wampserver Description: This report focuses on two vulnerabilities known as “Insecure Direct...