12 writeups tagged with SQLi
IIS 10.0 running Kartris eCommerce on Windows. SQL injection and .NET deserialization chain leads to code execution and privilege escalation.
Custom PHP forum on Fedora Linux with MariaDB. SQL injection bypasses authentication, leading to file write and shell upload.
OpenEMR medical records application. Exploited a pre-auth SQL injection CVE and file upload for shell access.
FTP with anonymous access reveals helpdesk application credentials. SQL injection and file upload lead to remote code execution.
SQLi on login page, LFI reveals PHP source. MSSQL xp_cmdshell for shell. Firefox DPAPI credential decryption leads to Domain Admin via ADCS.
Magic Portfolio with SQLi bypass on login. File upload bypass with double extension for PHP webshell. mysqldump credential extraction and SUID sysinfo for root.
Nagios XI SNMP credential leak, auth bypass CVE-2023-40931 for API key theft. SQL injection creates admin account for RCE via malicious script.
Laravel admin panel SQL injection via search parameter. Malicious PNG for RCE via file upload. Wildcard file read on sudo binary for root flag.
SQL injection via stored procedure triggers NTLM hash capture. Responder catches hash, crack for WinRM. Ubiquiti UniFi privesc via service abuse.
SQL injection in hotel booking app. Sqlmap writes a PHP webshell. Sudo script with command injection, SUID systemctl for root.
Magento 1.9 SQLi creates an admin account; Magento Froghopper achieves RCE. Sudo vim executes a shell as root.
DNS zone transfer reveals hidden vhosts. SQL injection login bypass, OS command injection for shell, cron privesc.
