sospiro@home:~$

Blog Posts

  • Art Gallery Management System Project v1.1 - SQL Injection

    Exploit Title: Art Gallery Management System Project v1.1 - SQL Injection Application: Art Gallery Management System Google Dork: N/A Date: 16.03.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/ Version: 1.1 Tested on: Windows 10 64 bit Wampserver Vulnerability Details Application Name: Art Gallery Management System...

  • Art Gallery Management System Project v1.1 - Reflected Cross-Site Scripting (XSS)

    Exploit Title: Art Gallery Management System Project v1.1 - Reflected Cross-Site Scripting (XSS) Application: Art Gallery Management System Google Dork: N/A Date: 16.03.2024 Bugs: Reflected XSS Exploit Author: SoSPiro Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/ Version: 1.1 Tested on: Windows 10 64 bit Wampserver Vulnerability Details Application Name: Art Gallery...

  • Membership Management System SQL injection + Insecure File Upload = Remote Code Execution

    Creating and operating a demo environment -> link <- SQL injection Vulnerability details : -> SQL injection <- File upload Vulnerability: The provided code is part of a Membership Management System. It contains a vulnerability known as “Insecure File Upload.” Insecure File Upload vulnerabilities arise when a web application allows...

  • Membership Management System - SQL injection

    Title: Membership Management System - SQL injection Application: Membership Management System Date: 01.03.2024 Bugs: SQL injection Exploit Author: SoSPiro Vendor Homepage: https://codeastro.com/author/nbadmin/ Software Link: https://codeastro.com/membership-management-system-in-php-with-source-code/ Version: 1.0 Tested on: Windows 10 64 bit Wampserver Vulnerability Description: The provided payload in the POST request indicates a potential SQL injection vulnerability. Specifically,...

  • Hospital Management System 1.0 Insecure Direct Object Reference / Account Takeover

    Exploit Title: Hospital Management System - IDOR + Account Takeover Application: Hospital Management System Date: 27.02.2024 Bugs: IDOR + Account Takeover Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/16720/free-hospital-management-system-small-practices.html Version: 1.0 Tested on: Windows 10 64 bit Wampserver Description: This report focuses on two vulnerabilities known as “Insecure Direct...