{"id":45679,"date":"2023-07-27T18:50:26","date_gmt":"2023-07-27T14:50:26","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/173789\/xforupsfu10-sql.txt"},"modified":"2023-08-02T10:11:10","modified_gmt":"2023-08-02T05:41:10","slug":"xforup-simple-file-uploader-1-0-sql-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/xforup-simple-file-uploader-1-0-sql-injection\/","title":{"rendered":"xForUp Simple File Uploader 1.0 SQL Injection"},"content":{"rendered":"<dl id=\"F173789\" class=\"file first\">\n<dt><a class=\"ico text-plain\" title=\"Size: 1.2 KB\" href=\"https:\/\/packetstormsecurity.com\/files\/download\/173789\/xforupsfu10-sql.txt\" target=\"_blank\" rel=\"noopener\"><strong>xForUp Simple File Uploader 1.0 SQL Injection<\/strong><\/a><\/dt>\n<dd class=\"datetime\">Posted <a title=\"14:23:33 UTC\" href=\"https:\/\/packetstormsecurity.com\/files\/date\/2023-07-27\/\" target=\"_blank\" rel=\"noopener\">Jul 27, 2023<\/a><\/dd>\n<dd class=\"refer\">Authored by <a class=\"person\" href=\"https:\/\/packetstormsecurity.com\/files\/author\/7697\/\" target=\"_blank\" rel=\"noopener\">indoushka<\/a><\/dd>\n<dd class=\"detail\">xForUp Simple File Uploader version 1.0 suffers from a remote SQL injection vulnerability.<\/dd>\n<dd class=\"tags\">tags | <a href=\"https:\/\/packetstormsecurity.com\/files\/tags\/exploit\" target=\"_blank\" rel=\"noopener\">exploit<\/a>, <a href=\"https:\/\/packetstormsecurity.com\/files\/tags\/remote\" target=\"_blank\" rel=\"noopener\">remote<\/a>, <a href=\"https:\/\/packetstormsecurity.com\/files\/tags\/sql_injection\" target=\"_blank\" rel=\"noopener\">sql injection<\/a>, <a href=\"https:\/\/packetstormsecurity.com\/files\/tags\/file_upload\" target=\"_blank\" rel=\"noopener\">file upload<\/a><\/dd>\n<dd class=\"md5\">SHA-256 | <code>361651b4acd30ddc2f3f044531153e1a0b18342e97aaf21d8d9a9cdeebb3c58c<\/code><\/dd>\n<dd class=\"act-links\"><a title=\"Size: 1.2 KB\" href=\"https:\/\/packetstormsecurity.com\/files\/download\/173789\/xforupsfu10-sql.txt\" rel=\"nofollow noopener\" target=\"_blank\">Download<\/a> | <a class=\"fav\" href=\"https:\/\/packetstormsecurity.com\/files\/favorite\/173789\/\" rel=\"nofollow noopener\" target=\"_blank\">Favorite<\/a> | <a href=\"https:\/\/packetstormsecurity.com\/files\/173789\/xForUp-Simple-File-Uploader-1.0-SQL-Injection.html\" target=\"_blank\" rel=\"noopener\">View<\/a><\/dd>\n<\/dl>\n<div class=\"src\">\n<pre><code>====================================================================================================================================\r\n| # Title : xForUp simple file uploader V1.0 Sql injection Vulnerability |\r\n| # Author : indoushka |\r\n| # Tested on : windows 10 Fran\u00e7ais V.(Pro) |\r\n| # Vendor : https:\/\/github.com\/munafaqeelmahdi\/xForUp-simple-file-uploader-with-php | \r\n====================================================================================================================================<\/code><\/pre>\n<p>poc :<\/p>\n<pre><code><\/code><\/pre>\n[+] Dorking \u0130n Google Or Other Search Enggine .<\/p>\n<pre><code><\/code><\/pre>\n[+] http:\/\/127.0.0.1\/pages.php?page=17 &lt;======| inject here<\/p>\n<pre><code><\/code><\/pre>\n[+] Panel : http:\/\/127.0.0.1\/admin\/<\/p>\n<pre><code><\/code><\/pre>\n<p>Greetings to :=================================================================<br \/>\njericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br \/>\n===============================================================================<\/p>\n<pre><code><\/code><\/pre>\n<p>&nbsp;<\/p>\n<pre><code><\/code><\/pre>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>xForUp Simple File Uploader 1.0 SQL Injection Posted Jul 27, 2023 Authored by indoushka xForUp Simple File Uploader version 1.0 suffers from a remote SQL injection vulnerability. tags | exploit, remote, sql injection, file upload SHA-256 | 361651b4acd30ddc2f3f044531153e1a0b18342e97aaf21d8d9a9cdeebb3c58c Download | Favorite | View ==================================================================================================================================== | # Title : xForUp simple file uploader V1.0 Sql injection &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-45679","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45679","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=45679"}],"version-history":[{"count":2,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45679\/revisions"}],"predecessor-version":[{"id":45958,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45679\/revisions\/45958"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=45679"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=45679"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=45679"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}