ZDI-24-1057: Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-7511.

Read More

Blind SQL Injection – dolphinv7.4.2.

Read Time:23 Second

Posted by Andrey Stoykov on Aug 04

# Exploit Title: Blind SQL Injection – dolphinv7.4.2.
# Date: 8/2024
# Exploit Author: Andrey Stoykov
# Version: 7.4.2
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/07/friday-fun-pentest-series-8-dolphinv742.html

SQL Injection:

Steps to Reproduce:

1. Navigate to “Builders” menu
2. The HTTP GET parameter of “?cat=builders” is displayed in the URL bar
3. That is the injection point

sqlmap -r…

Read More