#sql

This archive holds a whitepaper called Introduction to Web Pentesting. It provides basic configuration for Burpsuite Proxy along with basic exploitation cross site scripting, SQL injection, cross site request forgery, and open redirects. Two copies of the whitepaper are included. One is in English and one is in Bulgarian.

Joomla JLex GuestBook extension version 1.6.4 suffers from a cross site scripting vulnerability.

Cryptolive CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

CRM Education Akademik version 9.0 suffers from a directory traversal vulnerability.

Creative Commons Attribution version 3.0 suffers from a remote SQL injection vulnerability.

Coupons CMS version 4.00 suffers from an open redirection vulnerability.

Given the privileged position these devices occupy on the networks they serve, they are prime targets for attackers, so their security posture is of paramount importance.

Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter.

Joomla JLex Review extension version 6.0.1 suffers from a cross site scripting vulnerability.

Online Lab Diagnostic Management version 1.0 suffers from a remote SQL injection vulnerability.