7210 matches found
Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability.
Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability. download : http://www.milliondollarscript.com author : p4imi0 contact : [email protected] exploit :...
mds-disclose.txt
Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability. download : http://www.milliondollarscript.com author : p4imi0 contact : [email protected] exploit :...
Shop-Script 2.0 index.php Remote File Disclosure Vulnerability
Exploit for unknown platform in category web applications. Shop-Script 2.0 index.php Remote File Disclosure Vulnerability. Shop-Script 2.0 index.php Remote File Disclosure...
Code injection
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb...
CVE-2007-6648
Directory traversal vulnerability in index.php in SanyBee Gallery 0.1.0 and 0.1.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter...
CVE-2007-6652
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb...
SQL injection
SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter...
CVE-2007-6647
SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter...
CVE-2007-6664
SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter...
CVE-2007-6639
CVE-2007-6639 describes a SQL injection vulnerability in IPTBB 0.5.4 and earlier, where the id parameter in the viewdir action of index.php can be exploited to execute arbitrary SQL commands remotely. Affected software is IPTBB (0.5.4 and earlier). The root cause is improper input handling in the...
NetRisk 1.9.7 - Local/Remote File Inclusion
NetRisk 1.9.7 - Local/Remote File Inclusion NetRisk = 1.9.7 Remote/Local File Inclusion Vulnerability AUTHOR : S.W.A.T. HOME : http://svvat.ir Download : http://phprisk.org/netrisk1.9.7.zip DorKs : inurl:index.php?page=gamebrowser EXPLOIT : http://server.com/Path/index.php?page=SHELL...
NetRisk 1.9.7 - Local/Remote File Inclusion
NetRisk = 1.9.7 Remote/Local File Inclusion Vulnerability AUTHOR : S.W.A.T. HOME : http://svvat.ir Download : http://phprisk.org/netrisk1.9.7.zip DorKs : inurl:index.php?page=gamebrowser EXPLOIT : http://server.com/Path/index.php?page=SHELL http://server.com/Path/index.php?page=-LFI- GREETZ :...
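w-Agora 'index.php' SQL Injection Vulnerability
BUGTRAQ ID: 27070 CNCAN ID: CNCAN-2008010213 w-Agora is a PHP-based web application. w-Agora does not properly filter user-submitted URI data; remote attackers can exploit this vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the 'index.php' script does not sufficiently filter user-submitted web parameters; submitting a malicious SQL query as parameter data can change the original SQL logic, allowing sensitive information to be obtained or the database to be manipulated. W-Agora 4.2.1 No solution is currently available: http://www.w-agora.net/en/index.php...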
Discuz! "$_SERVER['PHP_SELF']" XSS Vulnerability
At line 69 of common.inc.php: $PHP_SELF = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']; $SCRIPT_FILENAME = str_replace('\\', '/', isset($_SERVER['PATH_TRANSLATED']) ? $_SERVER['PATH_TRANSLATED'] : $_SERVER['SCRIPT_FILENAME']); $boardurl = 'http://'.$_SERVER['HTTP_HOST'].preg_replace("//+api|archiver|wap?/$/i",...
WebPortal CMS 0.6.0 - index.php SQL Injection
WebPortal CMS 0.6.0 - index.php SQL Injection !/usr/bin/perl -w WebPortal CMS If we select an inesistent id of a mod, it'll try to include it. So we have a warning error with the hash!. use LWP::UserAgent; if @ARGV new or die "-LWP::UserAgent error.\n"; $b-agent'Mozilla/4.0 compatible; MSIE 7.0;...
WebPortal CMS <= 0.6.0 (index.php m) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. WebPortal CMS If we select an inesistent id of a mod, it'll try to include it. So we have a warning error with the hash!. use LWP::UserAgent; if @ARGV new or die...
IPTBB 0.5.4 - 'id' SQL Injection
Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Remote Sql...
w-Agora <= 4.2.1 (cat) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. w-Agora <= 4.2.1 (cat) Remote SQL Injection Vulnerability. W-Agora <= 4.2.1 Class: SQL Injection Found: 30/12/2007 Remote: Yes...
SanyBee Gallery 0.1.1 - p Local File Inclusion
SanyBee Gallery 0.1.1 - p Local File Inclusion SanyBee Gallery 0.1.1 p local File Inclusion Script Name: SanyBee Gallery 0.1.1 D.Script: http://www.easy-script.com/scripts-dl/SanyBeeGalleryV0.1.0.zip Discovered by: jackal contact: [email protected] ==Exploit==...
SanyBee Gallery 0.1.1 - 'p' Local File Inclusion
SanyBee Gallery 0.1.1 p local File Inclusion Script Name: SanyBee Gallery 0.1.1 D.Script: http://www.easy-script.com/scripts-dl/SanyBeeGalleryV0.1.0.zip Discovered by: jackal contact: [email protected] ==Exploit==...