CSRF vulnerability on qdPM 9.2 (CVE-2022-26180)
Objective: Our target is qdPM, a free project management tool. Version 9.2 of the tool is vulnerable to Cross-Site Request Forgery, and we are going to inspect the application to leverage the vulnerability. First we will try to exploit it ourselves, then we will check the defined CVE and its exploit.
The exploitation of a vulnerability named Log4Shell (CVE-2021-44228)
Intro: This lab covers the exploitation of a vulnerability in Log4j. Apache Solr 8.11.0 is running on the target machine, and this version of the software ships with a vulnerable log4j package (CVE-2021-44228). The application itself runs on Java 1.8.0_181. Enum: We can see clear indicators of log4j being used for logging activity when we browse […]
CVE-2020-29168: Online Doctor Appointment Booking System PHP and Mysql 1.0 – ‘q’ SQL Injection
An SQL injection vulnerability was discovered in PHP Doctor Appointment System by me on 11/16/2020.