Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to 1 init.php and 2 Ajax/editnews.php. NOTE: some of these details are obtained from third party information...

CVE-2007-1424

Multiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to 1 init.php and 2 Ajax/editnews.php. NOTE: some of these details are obtained from third party information...

CVE-2007-1424

Multiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to 1 init.php and 2 Ajax/editnews.php. NOTE: some of these details are obtained from third party information...

SoftNews 4.15.5 - engineinit.php?root_dir Remote File Inclusion

SoftNews 4.15.5 - engineinit.php?rootdir Remote File Inclusion source: https://www.securityfocus.com/bid/22913/info DataLife Engine is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and...

SoftNews 4.15.5 - engineAjaxeditnews.php?root_dir Remote File Inclusion

SoftNews 4.15.5 - engineAjaxeditnews.php?rootdir Remote File Inclusion source: https://www.securityfocus.com/bid/22913/info DataLife Engine is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP...

SoftNews 4.1/5.5 - '/engine/Ajax/editnews.php?root_dir' Remote File Inclusion

source: https://www.securityfocus.com/bid/22913/info DataLife Engine is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may...

SoftNews 4.1/5.5 - '/engine/init.php?root_dir' Remote File Inclusion

source: https://www.securityfocus.com/bid/22913/info DataLife Engine is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may...

CVE-2006-3221

SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction...

CVE-2006-3221

SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction...

CVE-2006-3221

DataLife Engine

DataLife Engine <= 4.1 Remote SQL Injection Exploit (perl)

Exploit for unknown platform in category web applications ========================================================== DataLife Engine new or die; $res = $xpl-get$url.'?subaction=userinfo&user='.$name; if$res-asstring = /do=lastcomments&userid=\d/ $userid = $1; elsif$res-asstring =...

DataLife Engine &lt;= 4.1 Remote SQL Injection Exploit (php)

No description provided by source. ?php errorreporting EERROR; iniset"maxexecutiontime",0; echo ' +========================================+ | RST/GHC Datalife SQL injection exploit | +========================================+ Lite Version for DLE =4.1 '; if $argc 2 print " Usage: " . $argv0 . "...

DataLife Engine 4.1 - SQL Injection (PHP)

DataLife Engine 4.1 - SQL Injection PHP Lite Version for DLE '; if $argc table prefix\n"; print " ex.: " . $argv0 . " datalife.engine.net admin\n"; credits; exit; //DEFINE USER ID $urla = 'http://' . $argv1 . '/index.php?subaction=userinfo&user=' . $argv2; $result = filegetcontents$urla; $str1 =...

DataLife Engine 4.1 - SQL Injection (Perl)

DataLife Engine 4.1 - SQL Injection Perl !/usr/bin/perl DataLife Engine sql injection exploit by RST/GHC coded by 1dt.w0lf RST/GHC http://rst.void.ru http://ghc.ru 18.06.06 use LWP::UserAgent; use Getopt::Std; getopts'u:n:p:'; $url = $optu; $name = $optn; $prefix = $optp || 'dle'; if!$url || !$na...

DataLife Engine <= 4.1 Remote SQL Injection Exploit (php)

Exploit for unknown platform in category web applications ========================================================= DataLife Engine Lite Version for DLE '; if $argc table prefix\n"; print " ex.: " . $argv0 . " datalife.engine.net admin\n"; credits; exit; //DEFINE USER ID $urla = 'http://' . $argv...

DataLife Engine 4.1 - SQL Injection

!/usr/bin/perl DataLife Engine sql injection exploit by RST/GHC coded by 1dt.w0lf RST/GHC http://rst.void.ru http://ghc.ru 18.06.06 use LWP::UserAgent; use Getopt::Std; getopts'u:n:p:'; $url = $optu; $name = $optn; $prefix = $optp || 'dle'; if!$url || !$name $snum = 1; $|++; $n = 0; print "\r\n";...

DataLife Engine 4.1 - SQL Injection

Lite Version for DLE '; if $argc table prefix\n"; print " ex.: " . $argv0 . " datalife.engine.net admin\n"; credits; exit; //DEFINE USER ID $urla = 'http://' . $argv1 . '/index.php?subaction=userinfo&user=' . $argv2; $result = filegetcontents$urla; $str1 = 'user=';...

advisory DATALIFE engine

------------------------------------------------ / / DataLife Engine v.3.7 SoftNews Media Group advisory Программный продукт : DataLife Engine v.3.7 SoftNews Media Group Текущее состояние : UNPATCHED Найдена : LTK Дата написания : 29nd March, 2006 Тестировалось : ; Детали : Раскрытие установочног...