Lucene search
K

7 matches found

securityvulns
securityvulns
added 2010/11/30 12:0 a.m.241 views

SQL injection and Path Disclosure Auth Bypass in 4images 1.7.X

-----------Summary----------- eVuln ID: 200 Software: "Powered by 4images" Vendor: PHP Web Scripts Version: 4images 1.7.X dork: "Powered by 4images" Critical Level: medium Type: SQL injection and Path Disclosure Status: Unpatched. No reply from developers PoC: Available Solution: Not available...

0.3AI score
Exploits0
Cvelist
Cvelist
added 2006/10/11 1:0 a.m.25 views

CVE-2006-5236

SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the searchuser parameter...

7.9AI score0.02009EPSS
Exploits1References9
Packet Storm
Packet Storm
added 2006/10/09 12:0 a.m.67 views

4images-sql.txt

!/usr/bin/php ", $page die"Failed.."; else die"Table Prefix: $tab\n"; if$argv4 $pipe = fsockopen$argv1,80; if!$pipe die"Cannot connect to host."...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2006/10/08 12:0 a.m.38 views

4images 1.7.x (search.php) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/php ?php / 4images 1.7.x Remote SQL Injection Vulnerability Usage: php file.php host path table prefix user id Googledork "powered by 4images 1.7.x" Vulnerability: Disfigure Research: h3llfyr3 Coding: Synsta. PoC:...

7.1AI score
Exploits0
0day.today
0day.today
added 2006/10/08 12:0 a.m.48 views

4images 1.7.x (search.php) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ======================================================= 4images 1.7.x search.php Remote SQL Injection Exploit ======================================================= !/usr/bin/php...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/10/08 12:0 a.m.36 views

4Images 1.7.x - 'search.php' SQL Injection

!/usr/bin/php //search.php?searchuser=x%2527%20union%20select%20userpassword%20from%204imagesusers%20where%20username=%2527ADMIN w4ck1ng - w4ck1ng.com / if!$argv3 die"Usage: php $argv0 host path options table prefix user id\n Options: -d: Determine table prefix\n Example: php $argv0 domain.com...

7.4AI score
Exploits0
CVE
CVE
added 2006/04/25 10:0 a.m.55 views

CVE-2006-2011

The CVE-2006-2011 issue affects 4images 1.7 and earlier, where a Cross-site scripting (XSS) flaw exists in member.php. The vulnerability is triggered via the nickname in register.php, likely involving the user_name parameter, allowing remote attackers to inject arbitrary web script or HTML. The N...

2.6CVSS5.7AI score0.01343EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder