#sqli — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sqli, aggregated by home.social.
-
El lado del mal - Un "Hardening Tip" de BBDD - de mi Lost & Found - contra las "Heavy Queries Malignas" https://elladodelmal.com/2026/04/un-hardening-tip-de-bbdd-de-mi-lost.html #SQLi #hardening #BBDD #HeavyQueries #SQL
-
El lado del mal - Un "Hardening Tip" de BBDD - de mi Lost & Found - contra las "Heavy Queries Malignas" https://elladodelmal.com/2026/04/un-hardening-tip-de-bbdd-de-mi-lost.html #SQLi #hardening #BBDD #HeavyQueries #SQL
-
El lado del mal - Un "Hardening Tip" de BBDD - de mi Lost & Found - contra las "Heavy Queries Malignas" https://elladodelmal.com/2026/04/un-hardening-tip-de-bbdd-de-mi-lost.html #SQLi #hardening #BBDD #HeavyQueries #SQL
-
El lado del mal - Un "Hardening Tip" de BBDD - de mi Lost & Found - contra las "Heavy Queries Malignas" https://elladodelmal.com/2026/04/un-hardening-tip-de-bbdd-de-mi-lost.html #SQLi #hardening #BBDD #HeavyQueries #SQL
-
El lado del mal - Un "Hardening Tip" de BBDD - de mi Lost & Found - contra las "Heavy Queries Malignas" https://elladodelmal.com/2026/04/un-hardening-tip-de-bbdd-de-mi-lost.html #SQLi #hardening #BBDD #HeavyQueries #SQL
-
Published the writeup for the authenticated SQL injection vulnerability in Kanboard - CVE-2026-33058.
https://0dave.ch/posts/cve-2026-33058/
https://www.cve.org/CVERecord?id=CVE-2026-33058
https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh -
🚨 CRITICAL: CVE-2026-2584 in Ciser CSIP firmware 3.0 – 5.1 enables unauthenticated SQL injection via login interface. Config data at risk — patch not yet released. Restrict access & monitor now. https://radar.offseq.com/threat/cve-2026-2584-cwe-89-improper-neutralization-of-sp-3951e11b #OffSeq #CVE20262584 #SQLi #FirmwareSecurity
-
🚨 CRITICAL: CVE-2026-2584 in Ciser CSIP firmware 3.0 – 5.1 enables unauthenticated SQL injection via login interface. Config data at risk — patch not yet released. Restrict access & monitor now. https://radar.offseq.com/threat/cve-2026-2584-cwe-89-improper-neutralization-of-sp-3951e11b #OffSeq #CVE20262584 #SQLi #FirmwareSecurity
-
🚨 CRITICAL: CVE-2026-2584 in Ciser CSIP firmware 3.0 – 5.1 enables unauthenticated SQL injection via login interface. Config data at risk — patch not yet released. Restrict access & monitor now. https://radar.offseq.com/threat/cve-2026-2584-cwe-89-improper-neutralization-of-sp-3951e11b #OffSeq #CVE20262584 #SQLi #FirmwareSecurity
-
🚨 CRITICAL: CVE-2026-2584 in Ciser CSIP firmware 3.0 – 5.1 enables unauthenticated SQL injection via login interface. Config data at risk — patch not yet released. Restrict access & monitor now. https://radar.offseq.com/threat/cve-2026-2584-cwe-89-improper-neutralization-of-sp-3951e11b #OffSeq #CVE20262584 #SQLi #FirmwareSecurity
-
Why
do we still
have SQL injection vulnerabilities?
I mean, comeon man.
https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html
-
#PHP and #Wordpress are good if you Master. If you didn't, give more time on testing, else you can be target of old known vulnerabilities like SQLi, that use the same technique after more than 20 years. https://blog.odicforcesounds.com/preteanSecurity.html #security #SQLi #hacking #exploits and other #fun #tools avaiable for #free on #Internet :)
-
🐶 CVE-2025-10396: MEDIUM severity SQL injection in SourceCodester Pet Grooming Mgmt 1.0 (/admin/edit_role.php, ID param). Remote, unauthenticated exploit risk—no patch yet. Apply WAF, limit access, monitor logs. Details: https://radar.offseq.com/threat/cve-2025-10396-sql-injection-in-sourcecodester-pet-0c841b0a #OffSeq #SQLi #VulnResearch
-
🐶 CVE-2025-10396: MEDIUM severity SQL injection in SourceCodester Pet Grooming Mgmt 1.0 (/admin/edit_role.php, ID param). Remote, unauthenticated exploit risk—no patch yet. Apply WAF, limit access, monitor logs. Details: https://radar.offseq.com/threat/cve-2025-10396-sql-injection-in-sourcecodester-pet-0c841b0a #OffSeq #SQLi #VulnResearch
-
🐶 CVE-2025-10396: MEDIUM severity SQL injection in SourceCodester Pet Grooming Mgmt 1.0 (/admin/edit_role.php, ID param). Remote, unauthenticated exploit risk—no patch yet. Apply WAF, limit access, monitor logs. Details: https://radar.offseq.com/threat/cve-2025-10396-sql-injection-in-sourcecodester-pet-0c841b0a #OffSeq #SQLi #VulnResearch
-
#Django: Patches released to fix CVE-2025-57833 SQL injection #SQLi
#vulnerability :
👇
https://cybersecuritynews.com/django-sql-injection-vulnerability/ -
Evasión avanzada de SQLi (IDS/WAF): técnicas manuales explicadas https://blog.elhacker.net/2025/09/evasion-avanzada-sqli-ids-waf.html #evasion #sqli #ids #waf
-
🛡️ CRITICAL: Komento (Joomla 4.0.0-4.0.7) hit by unauth SQLi (CVE-2025-54294). No patch yet—disable Komento, use WAF, restrict DB rights. Attackers can fully compromise data! Details: https://radar.offseq.com/threat/cve-2025-54294-cwe-89-improper-neutralization-of-s-da821b19 #OffSeq #Joomla #SQLi #Infosec
-
🚨 CRITICAL SQLi (CVE-2025-6169) in HAMASTAR WIMP enables unauthenticated remote DB access (CVSS 9.8). All project data at risk—restrict WIMP exposure, deploy WAF, monitor logs, and tighten DB access. Patch unavailable. More at https://radar.offseq.com/threat/cve-2025-6169-cwe-89-improper-neutralization-of-sp-8b104354 #OffSeq #SQLi #Vuln #HAMASTAR #ConstructionSecurity
-
🚨 CRITICAL SQLi (CVE-2025-6169) in HAMASTAR WIMP enables unauthenticated remote DB access (CVSS 9.8). All project data at risk—restrict WIMP exposure, deploy WAF, monitor logs, and tighten DB access. Patch unavailable. More at https://radar.offseq.com/threat/cve-2025-6169-cwe-89-improper-neutralization-of-sp-8b104354 #OffSeq #SQLi #Vuln #HAMASTAR #ConstructionSecurity
-
Latest lab write-up. Came out a bit long but very informative.
https://medium.com/@marduk.i.am/blind-sql-injection-with-conditional-responses-46ee90b5f2c0
#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #Portswigger
-
Codeby.Games. CTF TASK «СМС»/«SMS»
Приветствую всех любителей CTF и этичного хакинга на стороне Red Team! В этой статье мы рассмотрим прохождение легкого таска «СМС», разработанного пентестерами из команды Codeby.Games. Справка: codeby.games — отечественный условно бесплатный веб‑проект, где каждый может попрактиковаться в оттачивании навыков наступательной кибербезопасности. Таски (задания) представлены в широком спектре: начиная от использования методов OSINT и заканчивая компрометацией учебного домена Active Directory. CTF разделяются на три группы — «Легкий», «Средний», «Сложный» в различных категориях. Но подробнее об этом — на официальном сайте проекта. Итак, приступим. Задание «СМС» находится в категории «Квесты».
-
It's been a while but here is another SQLi lab. Enjoy!
#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #PortswiggerLabs
-
I wrote a quick #blogpost on #ntlm authentication with #sqlmap using #burpsuite proxy.
https://bbence.me/blog/2025-03-09_ntlm_auth/
I did this as a workaround, since the `python-ntlm` package that SQLMap wants still uses Python 2's syntax for some reason and SQLMap does not like that.
-
I wrote a quick #blogpost on #ntlm authentication with #sqlmap using #burpsuite proxy.
https://bbence.me/blog/2025-03-09_ntlm_auth/
I did this as a workaround, since the `python-ntlm` package that SQLMap wants still uses Python 2's syntax for some reason and SQLMap does not like that.
-
I wrote a quick #blogpost on #ntlm authentication with #sqlmap using #burpsuite proxy.
https://bbence.me/blog/2025-03-09_ntlm_auth/
I did this as a workaround, since the `python-ntlm` package that SQLMap wants still uses Python 2's syntax for some reason and SQLMap does not like that.
-
I wrote a quick #blogpost on #ntlm authentication with #sqlmap using #burpsuite proxy.
https://bbence.me/blog/2025-03-09_ntlm_auth/
I did this as a workaround, since the `python-ntlm` package that SQLMap wants still uses Python 2's syntax for some reason and SQLMap does not like that.
-
Completed the SQLMap Essentials module on HTB Academy. The skills assessment was quite tough, but solid practice. Moving on.
https://academy.hackthebox.com/achievement/922218/58
#hackthebox #htbacademy #cybersecurity #sqli #sqlmap #sqlinjection #bugbounty #learningjourney
-
Completed the SQLMap Essentials module on HTB Academy. The skills assessment was quite tough, but solid practice. Moving on.
https://academy.hackthebox.com/achievement/922218/58
#hackthebox #htbacademy #cybersecurity #sqli #sqlmap #sqlinjection #bugbounty #learningjourney
-
Completed the SQLMap Essentials module on HTB Academy. The skills assessment was quite tough, but solid practice. Moving on.
https://academy.hackthebox.com/achievement/922218/58
#hackthebox #htbacademy #cybersecurity #sqli #sqlmap #sqlinjection #bugbounty #learningjourney
-
I just completed module SQL Injection Fundamentals in HTB Academy!
My first HTBA module of medium difficulty 🚀
The best one so far 👍
https://academy.hackthebox.com/achievement/922218/33
#hackthebox #htbacademy #cybersecurity #BugBounty #sqli #sqlinjection
-
Remote Code Execution через SQL инъекцию в Zabbix (CVE-2024-42327)
27 ноября 2024 года была выявлена критическая уязвимость в Zabbix с CVSS-оценкой 9.9 , представляющая собой SQL-инъекцию в одном из эндпоинтов API Zabbix. Уязвимость позволяет атакующему, имеющему доступ к API, выполнить произвольные SQL-запросы. При определённых настройках Zabbix, которые разрешают удалённое выполнение команд через агентов, эта уязвимость может быть использована для полной компрометации инфраструктуры , находящейся под мониторингом Zabbix.
-
Last in a series of 3 labs. Enjoy
#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #PortswiggerLabs
-
Seria podatności w systemach samochodów Mazda dotycząca Connectivity Master Unit
Czytelnicy z dłuższym stażem zapewne pamiętają podatność w samochodach Nissan i Mazda, która powodowała reboot systemu audio. Mazda ponownie ma problemy związane z błędami w systemie Mazda Connect Connectivity Master Unit (CMU), który wykorzystuje system operacyjny Linux i jest instalowany w wielu modelach samochodów tego producenta. Błędy zostały odkryte przez badaczy...
#WBiegu #Cve #Mazda #Rce #Sqli
https://sekurak.pl/seria-podatnosci-w-systemach-samochodow-mazda-dotyczaca-connectivity-master-unit/