This whitepaper details some novel methods of exploiting blind XPath 2.0 injection flaws that can be used to retrieve the whole document being queried (and others on the filesystem) without needing a large number of requests. It also covers exploiting some common XML databases.
bb958f4f5dc663b2b29dda1a486d1e5c6aaa2c1a738838917678623686d2a543
Whitepaper called Hacking Oracle from the Web: Exploiting SQL Injection from Web Applications.
79d7a613b30646f28183095a34cb7269351d1fcc8c121d569257117938cc0ca4
Oracle 10g SYS.LT.COMPRESSWORKSPACETREE remote SQL injection exploit.
e9924b3bff08566bd48f6a9c4c132a428ac601054dee9aa70008401001dc6b3c
Bsqlbf was originally written by A. Ramos from www.514.es and was intended to exploit blind SQL injection against a MySQL backend database. This is a modified version of the same tool. It supports blind SQL injection against the following databases: MS-SQL, MySQL, PostgreSQL, and Oracle.
c091db89e6b694d98f6c7efbfa64437271a49377901cfc83e7daae6a73b121f3
WordPress version 2.1.2 xmlrpc remote SQL injection exploit.
301a64d03bcf2fe9803fa9e51f792ea0e5f3fcdfad48ee40a92fcd1812328367
Multiple bugs were discovered in Yahoo which can allow XSS and URL redirection.
e1e3e813dcfef49b0c3ecc32996e1eab0304d56bc11d1c5bde50e3c747dc1c0c
Perl-Cal version 2.99.20, the CGI script written by Acme Software, is susceptible to cross-site scripting.
409897c86dca6af8b40a1da0d915383377f662d53d49fbe1013b03ea0ee1c830