New-to-me search engine for vulnerabilities and exploits. Archive.org reports its first mirroring of Sploitus as of today, 11 September 2018, so I assume I’m not too far behind in hearing about it.
Nice presentation of “Exploits of the week” on the homepage.
I searched for “xml injection” but the query as sent reads:
https://sploitus.com/?query=%22xml%20injection%22#exploits
Without the links, Sploitus returned (in part):
- Microsoft Baseline Security Analyzer 2.3 – XML External Entity Injection
- Microsoft Baseline Security Analyzer 2.3 XML Injection
- MedDream PACS Server Premium 6.7.1.1 – ’email’ SQL Injection
- Softneta MedDream PACS Server Premium 6.7.1.1 SQL Injection
- Apache Roller 5.0.3 XML Injection / File Disclosure
- Opsview Monitor 5.x Command Execution Vulnerability
Some vulnerabilities were covered by different sources, hence the duplication.
It isn’t clear to me how “xml injection” returns “SQL Injection” but I do like the sort by severity or date or default options.
Certainly a place I will be exploring more.
PS: Not to put too much emphasis on technical hacking. You could just call up tech support and have them reset the password for a known user account. Sometimes the simple solution is the better solution.