1116 matches found
How to use the database to crack the md5-vulnerability warning-the black bar safety net
Why password the number of bits short of MD5 unsafe? A length of 4 pure lowercase letters to generate passwords in the database with the help of Can in 0. 005s is cracked. This time also includes a connection to the database the time, the running environment is in my 900MHZ personal PC. Note that...
Apache Tomcat information leak
Under some conditions it's possible to retrieve data from previous POST request...
BusinessSpace <= 1.2 (id) Remote SQL Injection Vulnerability
No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV102$2009 ----------------------------------------------------------------------------------------- ECHOADV102$2009 BusinessSpace = 1.2 id Remote SQL Injection Vulnerability...
PHP-Fusion 7.00.1 - messages.php SQL Injection
PHP-Fusion 7.00.1 - messages.php SQL Injection \n" . " php $argv0 localhost /php-fusion/ user s3cret "SELECT database"\n". " php $argv0 localhost / user s3cret "SELECT loadfile0x2F6574632F706173737764"\n\n"; die; echo "Logging into system..."; //login to php-fusion using login and pass...
ethiclinks-sql.txt
----------------------------------------------------------------------------------------------------------------------------------------------------- Ethiclinks link.php?catid linkdirectory.php?catid directory-links.php?catid Remote SQL Injection Vulnerability http://www.ethiclinks.com/...
Pro Chat Rooms 3.0.3 - SQL Injection
Author: !DoktOR! Date found: 28.09.08 Product: Pro Chat Rooms Version: 3.0.3 Price: $55 URL: www.prochatrooms.com Vulnerability Class: SQL Injection Condition: magicquotesgpc = Off Exploit 1:...
PHPmotion 2.0 - update_profile.php Arbitrary File Upload
PHPmotion 2.0 - updateprofile.php Arbitrary File Upload = $limitsize 269. // Display file size error 270. // /////////////////////// 271. $show = 1; 272. $messagetype = $config"notificationsuccess";//the messsage displayed at t...
JAMM CMS - 'id' Blind SQL Injection
!/usr/bin/perl JAMM CMS id Blind SQL Injection Vulnerability Bug by: h0yt3r Dork: "powered by JAMM" http://www.site.de/cms/?id=blah Ok when we give $id an unexpected value like this we get an SQL Error. Unfortunately the script is so rude that it doesn't want to show us any data when we UNION...
Comdev News Publisher 4.1.2 - SQL Injection
Comdev News Publisher 4.1.2 - SQL Injection --==+================================================================================+==-- --==+ Comdev News Publisher SQL Injection Vulnerbilitys +==-- --==+================================================================================+==-- Discovere...
eazyPortal 1.0 - cookie SQL Injection
eazyPortal 1.0 - cookie SQL Injection !/usr/bin/perl Vendor url: http://www.eazyportal.com/ by Iron - http://www.randombase.com exploit goes through $COOKIE use LWP::UserAgent; use MIME::Base64; print " EazyPortal ; if$target ! /^http:/// $target = "http://".$target; if$target ! //$/ $target .=...
Invision Gallery <= 2.0.7 Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ====================================================== Invision Gallery "r57ig207" ; $mw-geometry '420x510' ; $mw-resizable0,0; $mw-Label-text = '!', -font = 'Webdings 22'-pack; $mw-Label-text = 'Invision Gallery 'Verdana 7...
INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION EXPLOIT
---- INVISION POWER BOARD 2.1.7 EXPLOIT ... ITDefence.ru Antichat.ru INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION Eugene Minaev [email protected] / / . / /// // / / // / / / /// / / / / / // / / / / / / / / / / / / / / / / / // / / / / // / // / / / // 2007 //// // // // // / . -...
[Full-disclosure] POWER PHLOGGER v.2.2.5 (username) SQL Injection
POWER PHLOGGER v.2.2.5 username SQL Injection Author: Attila Gerendi Darkz Date: June 25, 2007 Package: POWER PHLOGGER http://www.phpee.com/ Versions Affected: v.2.2.5 Other versions may also be affected Severity: SQL Injection Description: Input passed to the "username" parameter in "login.php"...
Fuzzylime Forum 1.0 (low.php topic) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w Fuzzylime Forum 1.0 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code low.php: $gettopicid = mysqlquery"SELECT FROM $tableprefixthreads WHERE...
RevokeBB 1.0 RC4 - Blind SQL Injection / Hash Retrieve
!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love ------------------------------------------------------------- "; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.="...
My Little Forum 1.7 - user.php?id SQL Injection
My Little Forum 1.7 - user.php?id SQL Injection !/usr/bin/perl -w My Little Forum = 1.7 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code user.php: if isset$GET'id' $id = $GET'id'; switch $action case "get...
My Little Forum 1.7 - 'user.php?id' SQL Injection
!/usr/bin/perl -w My Little Forum = 1.7 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code user.php: if isset$GET'id' $id = $GET'id'; switch $action case "get userdata": if empty$id $id = $userid; else $result =...
SimpleNews <= 1.0.0 FINAL (print.php news_id) SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w SimpleNews = 1.0.0 FINAL SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code print.php: $newsid = $GET'newsid'; $query = "SELECT FROM simplenewsarticles WHERE...
Design/Logic Flaw
The jQuery framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...
CVE-2007-2383
The Prototype prototypejs framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...