sospiro@home:~$

Blog Posts

  • Petrol Pump Management Software 1.0 Shell Upload

    Exploit Title: Petrol pump management software - File Upload Remote Code Execution (RCE) (unauthenticated) | Google Dork: N/A | Application: Petrol pump management software | Date: 20.02.2024 | Bugs: File Upload Remote Code Execution (RCE) (unauthenticated) | Exploit Author: SoSPiro | Vendor Homepage: https://www.sourcecodester.com/ | Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html | Version: 1.0 | Tested on: Windows 10 64 bit Wampserver...

  • Employee Management System 1.0 SQL Injection

    Exploit Title: Employee Management System - SQL Injection | Google Dork: N/A | Application: Employee Management System | Date: 19.02.2024 | Bugs: SQL Injection | Exploit Author: SoSPiro | Vendor Homepage: https://www.sourcecodester.com/ | Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html | Version: N/A | Tested on: Windows 10 64 bit Wampserver | CVE: N/A | Vulnerability Description: In your code, there is a potential...

  • Tourism Management System 2.0 Shell Upload

    Exploit Title: Tourism Management System v2.0 - Arbitrary File Upload | Google Dork: N/A | Exploit Author: SoSPiro | Date: 2024-02-18 | Vendor Homepage: https://phpgurukul.com | Software Link: https://phpgurukul.com/tourism-management-system-free-download/ | Version: 2.0 | Tested on: Windows 10 Pro | Impact: Allows admin to upload all files to the web server | CVE: N/A | Exploit Description: The application is...

  • User Registration And Login And User Management System 3.1 SQL Injection

    Exploit Title: User Registration & Login and User Management System With admin panel 3.1 - SQL injection | Application: User Registration & Login and User Management System | Date: 17.02.2024 | Bugs: SQL Injection | Exploit Author: SoSPiro | Vendor Homepage: https://phpgurukul.com/ | Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/ | Tested on: Windows 10 64 bit Wampserver | CVE: CVE-2024-28323...

  • Blood Bank And Donor Management System 2.2 Cross Site Scripting

    Exploit Title: Blood Bank & Donor Management System using v2.2 - Stored XSS | Application: Blood Donor Management System | Version: v2.2 | Bugs: Stored XSS | Technology: PHP | Vendor Homepage: https://phpgurukul.com/ | Software Link: https://phpgurukul.com/blood-bank-donor-management-system-free-download/ | Date: 12.09.2023 | Author: SoSPiro | Tested on: Windows | POC: Login to admin account | Go to /admin/update-contactinfo.php | Change “Adress” or “...