4198 matches found
Eskolar CMS 0.9.0.0 - Blind SQL Injection
Eskolar CMS 0.9.0.0 - Blind SQL Injection ================================================================================================== !/usr/bin/perl use IO::Socket; ==================================================================================================...
Mambo <= 4.6rc1 (Weblinks) Remote Blind SQL Injection Exploit (2)
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "Mambo = 4.6rc1 'Weblinks' blind SQL injection / admin credentials\r\n"; echo "disclosure exploit ii quicker and more effective version, but it floods\r\n"; echo "admin of links submissions...\r\n"; echo "by rgod...
Joomla! 1.0.9 - Weblinks Blind SQL Injection
Joomla! 1.0.9 - Weblinks Blind SQL Injection !/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$stri...
blur6ex <= 0.3.462 (ID) Admin Disclosure / Blind SQL Injection Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "blur6ex = 0.3.462 'ID' blind SQL injection / admin credentials disclosure\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "dork: "powered by blur6ex"\r\n\r\n"; / works...
blur6ex <= 0.3.462 (ID) Admin Disclosure / Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ====================================================================== blur6ex = 0.3.462 ID Admin Disclosure / Blind SQL Injection Exploit ====================================================================== !/usr/bin/php -q -d...
blur6ex 0.3.462 - 'ID' Admin Disclosure / Blind SQL Injection
!/usr/bin/php -q -d shortopentag=on ? echo "blur6ex = 0.3.462 'ID' blind SQL injection / admin credentials disclosure\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "dork: "powered by blur6ex"\r\n\r\n"; / works regardless of php.ini settings /...
Vegadns blind sql injection and cross site scripting
Author : Ph03n1X email : [email protected] site : http://kandangjamur.net/ vendor : www.vegadns.org version: 0.99 XSS ---- PoC : http://exam.com/vegadns/index.php?VDNSSessid=m42644r75o1eg4f7mb7e4rnpg7&message=3Ch13E3Cmarquee3Ealoo3C/marquee3E3C/h13E Vulnerable script is located in index.php...
[Full-disclosure] Dokeos 1.6.4 SQL Injection Vulnerability
Dokeos 1.6.4 SQL Injection Vulnerability Author: Alvaro Olavarria [email protected] Affected: Dokeos = 1.6.4 Status: Notified hereby Vendor url: http://www.dokeos.com Background. Dokeos is an Open Source elearning and course management web application translated in 34 languages and helping mor...
MAXDEV CMS Multiple vulnerabilities
Full Path disclosure --------------------- This hole is caused by direct access to file includes/legacy.php not protected PoC : http://site.co.id/maxdev/includes/legacy.php Fix : Turn off display error in php.ini can fix this security issue Blind sql inject ----------------- This hole is caused b...
SoftBB 0.1 (mail) Remote Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ==================================================== SoftBB 0.1 mail Remote Blind SQL Injection Exploit ==================================================== !/usr/bin/env python LOTFREE TEAM 03/2006 Vulnerability info Product : SoftBB...
SoftBB 0.1 - mail Blind SQL Injection
SoftBB 0.1 - mail Blind SQL Injection !/usr/bin/env python LOTFREE TEAM 03/2006 http://lotfree.next-touch.com/ http://membres.lycos.fr/lotfree/sploits/LOTF-SoftBB.py Vulnerability info Product : SoftBB Version : 0.1 The field 'mail' in reg.php is used directly in a SQL query : $sql = 'SELECT...
SoftBB 0.1 - 'mail' Blind SQL Injection
!/usr/bin/env python LOTFREE TEAM 03/2006 http://lotfree.next-touch.com/ http://membres.lycos.fr/lotfree/sploits/LOTF-SoftBB.py Vulnerability info Product : SoftBB Version : 0.1 The field 'mail' in reg.php is used directly in a SQL query : $sql = 'SELECT pseudo,mail FROM '.$prefixtable.'membres...
LIMBO CMS <= v1.0.4.2 _SERVER[] array overwrite / remote code execution
LIMBO CMS = v1.0.4.2 SERVER array overwrite / blind SQL injection / cross site scripting / local file inclusion / path disclosure / remote code/commands execution software: site: http://www.limbo-cms.com/ description: "Putting it in short Limbo is a Content Management System, which allows you to...
Zen Cart <= 1.2.6d (password_forgotten.php) SQL Injection Exploit
No description provided by source. ?php ---zencart126dxpl.php 19.42 02/12/2005 Zen-Cart = 1.2.6d blind SQL injection / remote commands execution coded by rgod site: http://rgod.altervista.org - this works with magicquotesgpc both on & off usage: launch from Apache, fill in requested fields, then...
Unclassified NewsBoard 1.5.3 Patch 3 - Blind SQL Injection
Unclassified NewsBoard 1.5.3 Patch 3 - Blind SQL Injection titl...
Unclassified NewsBoard 1.5.3 Patch 3 Blind SQL Injection Exploit
No description provided by source. ?php ---UNB153pl3xpl.php 11.35 12/11/2005 Unclassified NewsBoard 1.5.3 patch level 3 "Datefrom" blind SQL injection / Admin MD5 password hash dump by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! make these...
Unclassified NewsBoard 1.5.3 Patch 3 - Blind SQL Injection
Unclassified NewsBoard 1.5.3pl3...
[SECURITYREASON.COM] phpnuke 7.6 Multiple vulnerabilities in Downloads Module cXIb8O3.13
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpnuke 7.6 Multiple vulnerabilities in Downloads Module cXIb8O3.13 Author: Maksymilian Arciemowicz cXIb8O3 Date: 5.4.2005 from securityreason.com TEAM - --- 0.Description --- PHP-Nuke is a Web Portal System, storytelling software, news system, online...