Back to directory
WRITEUP #1774

Multiple authenticated blind SQL Injections in Sage XRT Business Exchange application

SQL InjectionBlind SQL injection
by@mickaelweb(Mickaël Benassouli)
Program
Sage
Published
Dec 21, 2022
Added to HackDex
Mar 2, 2023
Read Full Writeuphttps://www.synacktiv.com/sites/default/files/2022-12/sage_xrt_multiple_sqli_1.pdf
RELATED WRITEUPS
Directory Traversal, SQL Injection and Server-Side Request Forgery
SQL InjectionPath traversal
Breaking Down Barriers: Exploiting Pre-Auth SQL Injection In WhatsUp Gold - CVE-2024-6670
SQL InjectionReverse engineering
Bypassing airport security via SQL injection
SQL Injection
World of SELECT-only PostgreSQL Injections: (Ab)using the filesystem
SQL Injection
Exploiting authorization by nonce in WordPress plugins
RCEArbitrary file upload

Built with ❤️ by Shubham Rawat