176 matches found
Discuz! member.php xss漏洞
member.php代码: if!empty$listgid && $listgid == intval$GET'listgid' //这里用的等于==而不是全等===进行的比较,且$listgid并没有初始化: $type = $adminid == 1 ? 'grouplist' : $type; else $listgid = ''; ... $multipage = multi$num, $memberperpage, $page,...
MyPHP Forum 3.0 - Edit Topics / Blind SQL Injection
/ ----------------------------------------------------------------------------------- MyPHP Forum Final = 3.0 Edit Topics/Blind SQL Injection Remote Vulnerabilities ----------------------------------------------------------------------------------- Discovered By StAkeRathotmaildotit Download On...
myphpforum-sql.txt
/ ----------------------------------------------------------------------------------- MyPHP Forum Final = 3.0 Edit Topics/Blind SQL Injection Remote Vulnerabilities ----------------------------------------------------------------------------------- Discovered By StAkeRathotmaildotit Download On...
CVE-2008-2963
CVE-2008-2963 affects MyBlog via Multiple SQL injection vulnerabilities. The issues occur in the web app’s PHP files where unsafely handled user input is used in SQL queries: the view parameter to index.php, and the id parameter to member.php and post.php. Root cause is improper input handling le...
MyPHP Forum 'faq.php' and 'member.php' Multiple SQL Injection Vulnerabilities
MyPHP Forum is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in t...
myphp-sql.txt
Name : MyPHP Forum So we can execute an sql injection thrught the bugged variable $id. PoC: http://Site/faq.php?action=view&id=-1'+union+select+1,concatusername,0x3a,password,3+from+tableprefixmember+where+uid=1/ Sql injection in member.php So $member variable isn't controlled so we can exploit i...
MyPHP Forum 3.0 (Final) - Multiple SQL Injections
Name : MyPHP Forum So we can execute an sql injection thrught the bugged variable $id. PoC: http://Site/faq.php?action=view&id=-1'+union+select+1,concatusername,0x3a,password,3+from+tableprefixmember+where+uid=1/ Sql injection in member.php So $member variable isn't controlled so we can exploit i...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the 1 s parameter to index.php, and the 2 q parameter to a faq.php, b member.php, c memberlist.php, d calendar.php, e search.php, f forumdisplay.php, g...
CVE-2007-4453
Multiple cross-site scripting XSS vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the 1 s parameter to index.php, and the 2 q parameter to a faq.php, b member.php, c memberlist.php, d calendar.php, e search.php, f forumdisplay.php, g...
Sql injection
Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via 1 the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the 2 loginid parameter uid variable, and possibly the 3 pwd parameter, to...
CVE-2007-4156
Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via 1 the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the 2 loginid parameter uid variable, and possibly the 3 pwd parameter, to...
CVE-2007-4156
Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via 1 the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the 2 loginid parameter uid variable, and possibly the 3 pwd parameter, to...
FlashGameScript <= 1.7 (user) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================================================ FlashGameScript = 1.7 user Remote SQL Injection Vulnerability ================================================================ FlashGameScript = 1.7 member.php$user...
CVE-2007-3449
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter...
CVE-2007-3450
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Sql injection
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter...
Sql injection
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-3449
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter...
CVE-2007-3450
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-3449
CVE-2007-3449 describes an SQL injection vulnerability in the 6ALBlog software, specifically in the file and function related to member.php, where the vulnerable parameter is newsid . An attacker can remotely craft input to cause arbitrary SQL commands to be executed by the backend database. The ...