432 matches found
Quicksite Pro - Remote SQL Injection Vulnerability
Exploit for php platform in category web applications ================================================== Quicksite Pro - Remote SQL Injection Vulnerability ================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\...
Quicksite Pro SQL Injection
=============================================== Quicksite Pro - Remote SQL Injection Vulnerability =============================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /...
Chipmunk Board 1.3 (index.php?forumID) SQL Injection
Exploit for php platform in category web applications ==================================================== Chipmunk Board 1.3 index.php?forumID SQL Injection ==================================================== Exploit Title: Chipmunk Board index.php?forumID Remote SQL Injection Vulnerability Dat...
Chipmunk Board 1.3 SQL Injection
Exploit Title: Chipmunk Board index.php?forumID Remote SQL Injection Vulnerability Date: October, 01 st 2010 Author: Shamus Software Link: http://www.chipmunk-scripts.com/board/board.zip Version: Chipmunk Forums Version 1.3 Tested on: windows CVE : -...
N-point virtual host management system-fatal vulnerability. Pass to kill all versions-bug warning-the black bar safety net
This is N fatal vulnerability directly get Server Permissions. Because directly related to MYSQL, MSSQL SA and ROOT but encrypted in a way I also see in his encryption code. A bit confused that... I looked online also with no N-point virtual host management system of one aspect of the ODAY or the...
Lyris ListManager - MSDE Weak sa Password (Metasploit)
$Id: lyrislistmanagerweakpass.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
ColdCalendar 2.06 SQL Injection
!/usr/bin/python ColdGen - coldcalender v2.06 Remote 0day SQL Injection Exploit Vendor: http://www.coldgen.com/ Found by: mrme ----------------------------------------------- Script provided 'as is', without any warranty. Use for educational purposes only. Do not use this code to do anything...
ColdUserGroup 1.06 Blind SQL Injection
!/usr/bin/python ColdGen - coldusergroup v1.06 0day Remote Blind SQL Injection Exploit Vendor: http://www.coldgen.com/ Found by: mrme ----------------------------------------------- Script provided 'as is', without any warranty. Use for educational purposes only. Do not use this code to do anythi...
ColdUserGroup 1.06 - Blind SQL Injection
ColdUserGroup 1.06 - Blind SQL Injection !/usr/bin/python ColdGen - coldusergroup v1.06 0day Remote Blind SQL Injection Exploit Vendor: http://www.coldgen.com/ Found by: mrme ----------------------------------------------- Script provided 'as is', without any warranty. Use for educational purpose...
ColdCalendar 2.06 - SQL Injection
ColdCalendar 2.06 - SQL Injection !/usr/bin/python ColdGen - coldcalender v2.06 Remote 0day SQL Injection Exploit Vendor: http://www.coldgen.com/ Found by: mrme ----------------------------------------------- Script provided 'as is', without any warranty. Use for educational purposes only. Do not...
ColdCalendar 2.06 SQL Injection Exploit
Exploit for python platform in category web applications ======================================= ColdCalendar 2.06 SQL Injection Exploit ======================================= !/usr/bin/python ColdGen - coldcalender v2.06 Remote 0day SQL Injection Exploit Vendor: http://www.coldgen.com/ Found by...
ColdUserGroup 1.06 Blind SQL Injection Exploit
Exploit for python platform in category web applications ============================================== ColdUserGroup 1.06 Blind SQL Injection Exploit ============================================== !/usr/bin/python ColdGen - coldusergroup v1.06 0day Remote Blind SQL Injection Exploit Vendor:...
ColdCalendar 2.06 - SQL Injection
!/usr/bin/python ColdGen - coldcalender v2.06 Remote 0day SQL Injection Exploit Vendor: http://www.coldgen.com/ Found by: mrme ----------------------------------------------- Script provided 'as is', without any warranty. Use for educational purposes only. Do not use this code to do anything...
ColdUserGroup 1.06 - Blind SQL Injection
!/usr/bin/python ColdGen - coldusergroup v1.06 0day Remote Blind SQL Injection Exploit Vendor: http://www.coldgen.com/ Found by: mrme ----------------------------------------------- Script provided 'as is', without any warranty. Use for educational purposes only. Do not use this code to do anythi...
Microsoft SQL Server Interesting Data Finder
This module will search the specified MSSQL server for 'interesting' columns and data. This module has been tested against the latest SQL Server 2019 docker container image 22/04/2021. This module requires Metasploit: https://metasploit.com/download Current source:...
Wind news site management system any changes to password vulnerabilities-vulnerability warning-the black bar safety net
FoosunCMS is a powerful feature of based on ASP+ACCESS/MSSQL architecture of content management software. Vulnerability analysis: In the file\User\ GetPassword. asp: ElseIf Request. Form"Action" = "step3" then //first 2 Line 8 Call step3 ...... Sub step3 //the 1 9 8 row Dim ppassnew,pconfimpassne...
风讯(FooSun)GetPassword.asp页面存在任意修改密码漏洞
FoosunCMS是一款具有强大的功能的基于ASP+ACCESS/MSSQL构架的内容管理软件。 在文件\User\ GetPassword.asp中: ElseIf Request.Form"Action" = "step3" then //第28行 Call step3 …… Sub step3 //第198行 Dim ppassnew,pconfimpassnew ppassnew = md5Request.Form"passnew",16 …… UserConn.execute"Update FSMEUsers set UserPassword ='"&...
Wind news site management system Corp_card_Unpass. asp and favorite. asp page there is unauthorized vulnerability-vulnerability warning-the black bar safety net
FoosunCMS is a powerful feature of based on ASP+ACCESS/MSSQL architecture of content management software. Vulnerability analysis: In the file\User\ CorpcardUnpass. asp: If Request. Form"Action" = "Save" then //Section 1 4-row Dim DelID,StrTmp,StrTmp1 DelID = request. Form"CorpCardID" if DelID = "...
风讯(FooSun) favorite.asp页面存在越权漏洞
FoosunCMS是一款具有强大的功能的基于ASP+ACCESS/MSSQL构架的内容管理软件。 在文件\User\ favorite.asp中: if request"Action"="del" then //第10行 if Request"id"="" then strShowErr = "li错误的参数!/li" Response.Redirect"lib/error.asp?ErrCodes="&Server.URLEncodestrShowErr&"&ErrorUrl=" Response.end else UserConn.execute"Delete from...
Wind news site management system awardAction. asp page there is a SQL injection-vulnerability warning-the black bar safety net
FoosunCMS is a powerful feature of based on ASP+ACCESS/MSSQL architecture of content management software. In the file\User\award\awardAction. asp: Integral=NoSqlHackrequest. QueryString"Integral" //paragraph 1 Line 4 if action="join" then UserConn. execute"Insert into FSMEUserPrize...