appsec.fyi · Sources

exploit-db.com

6 curated AppSec resources from exploit-db.com across 4 topics on appsec.fyi.

exploit-db.com

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-19.

SQLi 2 SSTI 2 Deser 1 XXE 1
Date Added Resource Excerpt
2026-04-19 2026Deserialization Vulnerability — Exploit-DB PaperDeserDeserialization Vulnerability — Exploit-DB Paper
2026-04-17 2026Atlassian Confluence Widget Connector Macro SSTI (ExploitDB)SSTITool for exploiting CVE-2019-3396 in Atlassian Confluence's Widget Connector macro. This script enables path traversal for file disclosure and directory listing, as well as Remote Code Execution (RCE) by uploading a crafted Velocity template. The RCE functionality requires an authenticated session to upload the template to a user's personal space, while path traversal can be exploited without authentication to browse server file systems.
2026-04-16 2026Exploiting XXE via File Uploads (SVG, XLSX, DOCX)XXEExploiting XXE via File Uploads (SVG, XLSX, DOCX)
2026-04-10 2026Exploit-DB: Twig 2.4.4 Server Side Template InjectionSSTIWriteup of Twig <2.4.4 Server Side Template Injection, an SSTI vulnerability allowing command execution via template parameters. Attackers can inject code like `{{ls}}` into parameters, bypassing expected values to run arbitrary commands, as demonstrated by injecting `{{4*4}}` to return `16`.
2025-08-14 2025Vulnerability analysis, Security Papers, Exploit Tutorials - Part 12975SQLiLibrary detailing MSSQL injection techniques, including basic SQL injection, blind SQL injection, and advanced methods utilizing extended stored procedures. It covers testing for vulnerabilities, bypassing authentication, evading audit logs, and includes a cheat sheet for MSSQL queries and countermeasures, as well as a Perl script for finding vulnerable sites.
2016-04-20 2016Vulnerability analysis, Security Papers, Exploit Tutorials - Part 12975SQLiPaper detailing advanced MSSQL injection techniques, including ODBC error message attacks, UNION attacks, and exploiting extended stored procedures. It covers blind SQL injection enumeration, explains common vulnerabilities in applications like Joomla, Mambo, and WordPress, and provides methods for testing for SQL injection flaws using single quotes and OR/AND operations. The document also touches upon audit log evasion and the creation of mass MSSQL injection worms, concluding with countermeasures against these attacks.