1417 matches found
Stash 1.0.3 (SQL) User Credentials Disclosure Exploit
No description provided by source. !/usr/bin/perl -w User credentials disclosure exploit - stash103exp.pl Gnix [email protected] http://gnix.netsons.org This exploit use an SQL Injection in the file admin/login.php to bypass the login, and then an SQL Injection in the admin/news.php to extract a...
FAQ Management Script - catid SQL Injection
FAQ Management Script - catid SQL Injection || | | FAQ Management catid Remote SQL Injection Vulnerability | | |-------------------- Hussin X -------------------| | | Author: Hussin X | | Home : WwW.IQ-ty.CoM | | email: darkangelg85atYahooDoTcom | | | | | | | | script :...
Invision Power Board 'name'参数SQL注入漏洞
BUGTRAQ ID: 31288 CNCAN ID:CNCAN-2008092307 Invision Power Board是一款基于PHP的论坛程序。 Invision Power Board不正确处理用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息或可操作数据库。 问题是脚本对'name'参数缺少过滤,构建恶意的SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息。 Invision Power Services Invision Power Board 2.3.5 Invision Power Services Invision Power Boa...
Cars Vehicle - page.php SQL Injection
Cars Vehicle - page.php SQL Injection source: https://www.securityfocus.com/bid/31214/info The Cars & Vehicle script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attack...
E-PHP B2B Trading Marketplace Script - listings.php SQL Injection
E-PHP B2B Trading Marketplace Script - listings.php SQL Injection source: https://www.securityfocus.com/bid/31072/info E-Php B2B Trading Marketplace Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query...
esfaq-sql.txt
|| | | EsFaq Remote Sql Injection Exploit | | |---------------------SuB-ZeRo----------------------| | | Author: SuB-ZeRo | | Home : www.dz-security.com | | email: [email protected] | | | | | | | script :http://editeurscripts.com/ressources/scripts-php/dl.php?idscript=5 | | DorK :...
PHP-Fusion <= 6.00.206 Forum SQL Injection Vulnerability
A vulnerability is reported in the forum module of PHP-Fusion 6.00.206 and some early released versions. SPDX-FileCopyrightText: 2008 Ferdy Riphagen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
joomla-changepasswd.txt
Joomla 1.5.x Remote Admin Password Change Author: d3m0n [email protected] Greets: GregStar, gorion, d3d!k Polish "hackers" used this bug to deface turkish sites BUAHAHHA nice 0-day pff File : /components/comuser/controller.php Line : 379-399 function confirmreset // Check for request forgeries...
PowerGap Shopsystem "ag" SQL注入漏洞
CNCAN ID:CNCAN-2008081110 PowerGap Shopsystem是一款基于PHP的WEB应用程序。 PowerGap Shopsystem不正确处理用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息或操作数据库。 问题是由于's03.php'脚本不正确过滤"ag"参数,构建恶意SQL查询作为参数数据,可更改原来的SQL逻辑,可获得敏感信息或操作数据库。 PowerGap Shopsystem 目前没有解决方案提供: http://www.powergap.de/shopsystem-powergap.htm...
POWERGAP ShopSystem - s03.php SQL Injection
POWERGAP ShopSystem - s03.php SQL Injection source: https://www.securityfocus.com/bid/30558/info POWERGAP Shopsystem is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attack...
PHPKF - forum_duzen.php SQL Injection
PHPKF - forumduzen.php SQL Injection source: https://www.securityfocus.com/bid/30318/info phpKF is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
PHPKF - 'forum_duzen.php' SQL Injection
source: https://www.securityfocus.com/bid/30318/info phpKF is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, o...
Pubs Black Cat [The Fun] - browse.groups.php SQL Injection
Pubs Black Cat The Fun - browse.groups.php SQL Injection source: https://www.securityfocus.com/bid/30221/info Pubs Black Cat The Fun is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...
Ultrastats 0.2.142 - players-detail.php Blind SQL Injection
Ultrastats 0.2.142 - players-detail.php Blind SQL Injection !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; ! Discovered.: DNX ! Vendor.....: http://www.shooter-szene.de | http://www.ultrastats.org ! Detected...: 29.06.2008 ! Reported...: 04.07.2008 ! Response...: xx.xx.2008 ! Background.:...
Joomla! Component EXP Shop 1.0 - SQL Injection
Joomla! Component EXP Shop 1.0 - SQL Injection source: https://www.securityfocus.com/bid/29869/info The EXP Shop component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue cou...
phpAuction - profile.php SQL Injection (2)
phpAuction - profile.php SQL Injection 2 source: https://www.securityfocus.com/bid/29856/info PHPAuction is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
phpmycart-sql.txt
PHPMyCart Injection Vulnerability Bug by: h0yt3r Script suffers from a not correctly verified category id variable which is used in SQL Querys. An Attacker can easily get sensitive information from the database by injecting unexpected SQL Querys. We dont get any SQL Errors when the Injection Quer...
revokebbrc11-sql.txt
!/usr/bin/python """ ================================================================================================= / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / ================================================================================================= This is a public Exploit...
AbleSpace 1.0 - 'adv_cat.php' SQL Injection
source: https://www.securityfocus.com/bid/29369/info AbleSpace is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
eCMS 0.4.2 - Multiple Vulnerabilities
eCMS 0.4.2 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/29304/info eCMS is prone to multiple security vulnerabilities, including a security-bypass issue and an SQL-injection issue. Exploiting these issues may allow an attacker to bypass certain security restrictions and ga...