Exploit for CVE-2024-8504 & CVE-2024-8503: SQLi and RCE darkwebinformer.com/exploit-for-... #exploit #exploitation #cve #vulnerability #cybersecurity #informationsecurity
Option 1 is the normal one, you know?! I've sent a few e-mails to companies and never got a reply. With this latest one, where I found a blind SQLi, I reported it to the building manager and then to the company. Only the building manager acted on it and cancelled the contract with the app, but the company never gave me so much as a “hi, dog”.
In the legal explanation I got over on X, the act of breaking in, in this case by exploiting the blind SQLi flaw, would already be grounds for a lawsuit, according to the people who know digital law who replied.
I thought so too, but it isn't. It was explained to me on X when I found a vuln in a condominium app that they were going to install here in the building. I found a blind SQLi flaw that returned sensitive user data. @sushicomabacate.com where are the digital law folks to explain it better?!
SQLI at dmexco 2024: Actively helping shape the future of digital commerce #Internet #ECommerce
Practical insights and concrete solutions for the digital future
Wednesday is R⃥a⃥v⃥i⃥o⃥l⃥i⃥ Ivanti 🤡 10 CVEs, including: - pre-auth RCE via deserialization, CVSS=10/10 (CVE-2024-29847) - post-auth SQLi allowing RCE (CVE-2024-32840, -32842, -32843, -32845, -32846, -32848, -34783, -34785) infosec.exchange/@screaminggo...
Something I often find during my security audits: vulnerable code, such as SQLi, which is accidentally protected by other code. 🙃 It's always frustrating to go from finding SQLi and doing a Dr Evil impression 😈 to realising it's unexploitable due to some random validator... 😭
🚨 Be careful with ready-made exam solutions! 🚨 One of the ready-made solutions to the Polish INF.03 practical exam is vulnerable to both SQLi and XSS!
On Polish INF.03 practical exams, there is a list of MySQL-related functions, but one very important function - "mysqli_real_escape_string", which is used to protect against SQLi, is missing!
Id: CVE-2024-8348 Score: 6.3 Status: Awaiting Analysis Details: Critical SQLi in SourceCodester CMS v1.0 lets attackers run code via delete_category in Master.php. Source: nvd.nist.gov/vuln/detail/CVE-2024-8348