Fuzzylime CMS 3.01 - 'commrss.php' Remote Code Execution
Conditions: None Greetz: Inphex, hEEGy and austeN Explanations Ok, so today we will go for a walk in the fuzzylime cms maze ... Finding vulns was easy, but finding a no condition vuln was quite harder ... First, we look to the code/content.php file:...
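Dedecms V5 Executable File Upload Vulnerability
This is a fairly interesting one, but exploiting it successfully is not easy, heh. First, look at the configrglobals.php file; an excerpt of the code follows. The author's intent here was to register variables for us, but he overlooked that we can not only register variables but also overwrite some of them. configrglobalsmagic.php has the same problem ………………………………………………………………………… ifisarray$GET foreach$GET AS $key = $value $$key = $value; // can overwrite arbitrary variables ………… …………………………………………………………………………...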
File Store PRO 3.2 Multiple Blind SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications =============================================================== File Store PRO 3.2 Multiple Blind SQL Injection Vulnerabilities =============================================================== | File Store PRO 3.2 Blind SQL Injection | || -...
File Store PRO 3.2 - Multiple Blind SQL Injections
| File Store PRO 3.2 Blind SQL Injection | || Download from: http://upoint.info/cgi/demo/fs/filestore.zip - Need admin rights: /confirm.php: code ifisset$GET"folder" && $GET"folder"!="" $folder=$GET"folder"; else exit"Bad Request"; ifisset$GET"id" && $GET"id"!="" $id=$GET"id"; else exit"Bad...
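1024 CMS Multiple File Inclusion Vulnerabilities
BUGTRAQ ID: 30091 1024 is a content management system based on PHP and MySQL. Multiple file inclusion vulnerabilities exist in 1024 CMS that allow a malicious user to disclose sensitive information or compromise a vulnerable system. 1...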
sispletcms-sql.txt
================================================================= Sisplet CMS index.php id Remote SQL Injection Vulnerability ================================================================= ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...
fuzzylime cms 3.01 Remote Command Execution Exploit
Exploit for unknown platform in category web applications =================================================== fuzzylime cms 3.01 Remote Command Execution Exploit =================================================== !/usr/bin/perl fuzzylime 3.0.1 Perl exploit discovered & written by Ams DESCRIPTION...
CVE-2008-2996
GBX 2.0 Beta (Gravity Board X) has multiple SQL injection vulnerabilities in index.php. Specifically, two parameters are exploitable: searchquery in getsearch and board_id in viewboard, and these issues occur when magic_quotes_gpc is disabled. The CVE-2008-2996 entry documents remote execution of...
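Wordtrans-web Remote Arbitrary Shell Command Injection Vulnerability
BUGTRAQ ID: 30027 CNCAN ID:CNCAN-2008070202 wordtrans-web is a web-based multilingual dictionary lookup tool. wordtrans-web has an input validation issue that a remote attacker can exploit to execute arbitrary commands with the privileges of the web process...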
Wordtrans-web exec_wordtrans Function Arbitrary Command Execution
The remote host is running wordtrans-web, a web-based front-end for wordtrans, for translating words. The version of wordtrans-web installed on the remote host fails to sanitize input to the 'advanced' parameter of the 'wordtrans.php' script before using it in a 'passthru' statement to execute P...
Sisplet CMS (index.php id) Remote SQL Injection Vulnerability
No description provided by source. ================================================================= Sisplet CMS index.php id Remote SQL Injection Vulnerability ================================================================= ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O...
faname10-sql.txt
netVigilance Security Advisory 42 Fa Name version 1.0 SQL Injection Vulnerability Description: Fa Name http://webscripts.softpedia.com/script/Content-Management/Fa-Name-41229.html is useful portal CMS for .name websites. You can have a simple portal but useful one for you domain names and by usei...
BareNuked CMS 1.1.0 Arbitrary Add Admin Exploit
No description provided by source. !/usr/bin/perl ============================================ BareNuked CMS Arbitrary Add Admin Exploit ============================================ ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...
Sisplet CMS 2008-01-24 - id SQL Injection
Sisplet CMS 2008-01-24 - id SQL Injection ================================================================= Sisplet CMS index.php id Remote SQL Injection Vulnerability ================================================================= ,--^----------,--------,-----,-------^--, | ||||||||| --------'...
Sisplet CMS (index.php id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ============================================================= Sisplet CMS index.php id Remote SQL Injection Vulnerability ============================================================= ,--^----------,--------,-----,-------^--, | |||||||||...
faname10-xss.txt
netVigilance Security Advisory 43 Fa Name version 1.0 Multiple XSS Attack Vulnerabilities Description: Fa Name http://webscripts.softpedia.com/script/Content-Management/Fa-Name-41229.html is useful portal CMS for .name websites. You can have a simple portal but useful one for you domain names and...
psys070-sql.txt
'/ -.- ---------------------oOO------OOo-------------------- | pSys v0.7.0 Alpha chatbox.php Remote SQL Injection | | works only with magic quotes = off | | coded by DNX | -------------------------------------------------------- ! Discovered.: DNX ! Vendor.....: http://www.powie.de ! Detected...:...
Sisplet CMS 2008-01-24 - 'id' SQL Injection
================================================================= Sisplet CMS index.php id Remote SQL Injection Vulnerability ================================================================= ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...
CVE-2008-2916
Multiple SQL injection vulnerabilities in Pre ADS Portal 2.0 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to showcategory.php and the (2) id parameter to software-description.php...
Directory traversal
Directory traversal vulnerability in func.php in Devalcms 1.4a, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the currentpath parameter, in conjunction with certain ... (triple dot) and ..... sequences in the currentfile...