Skip to content

sysdream/sf2-profiler-exploit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
sf2-profiler-sqli.py
sf2-profiler-sqli.py
 
 
sfserialize.py
sfserialize.py
 
 

Repository files navigation

Symfony2 < 2.5.4 profiler exploit

This exploit abuses a feature of Symfony2's web profiler allowing anyone to inject and explain SQL queries.

Example:

$ python sf2-profiler-sqli.py --url http://localhost/ --table example_user --columns id,username,password

The above example extracts the id,username and password of each example_user table record and display their contents.

More info

Read the related paper.

About

Symfony2 < 2.5.4 profiler exploit

Resources

Readme

License

GPL-2.0 license
Activity
Custom properties

Stars

13 stars

Watchers

6 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages