
1673 matches found

Prion
added 2010/05/25 2:30 p.m. | 9 views

SQL injection

SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information...

CVSS 7.5 | AI score 9 | EPSS 0.00844
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2010/05/25 2:00 p.m. | 51 views

CVE-2010-2040

CVE-2010-2040 is an XSS in search.php of V-EVA Shopzilla Affiliate Script PHP, exploitable via the s parameter to inject arbitrary script/HTML. Connected sources confirm the vulnerability description but do not provide concrete patch/version details or exploitation specifics. No remediation, affe...

CVSS 4.3 | AI score 5.9 | EPSS 0.01601
Exploits: 1 | References: 5 | Affected Software: 1
CVE
added 2010/05/25 2:00 p.m. | 40 views

CVE-2010-2042

ECShop 2.7.2 has an SQL injection in search.php via the encode parameter, allowing remote execution of arbitrary SQL commands. Affected component: ECShop (version 2.7.2); vulnerability arises from improper handling in search.php. Impact details and remediation steps are not provided in the suppli...

CVSS 7.5 | AI score 8.7 | EPSS 0.00844
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2010/05/25 2:00 p.m. | 19 views

CVE-2010-2040

Cross-site scripting (XSS) vulnerability in search.php in V-EVA Shopzilla Affiliate Script PHP allows remote attackers to inject arbitrary web script or HTML via the s parameter...

AI score 5.8 | EPSS 0.01601
Exploits: 1 | References: 5
Packet Storm
added 2010/05/22 12:00 a.m. | 15 views

ECShop SQL Injection

Exploit Title: ECShop Search.php SQL Injection Exploit; Date: 2010-05-17; Author: Jannock; Software Link: http://www.ecshop.com; Version: ECShop All Version; Tested on: (blank); CVE: (blank); WAVDB: WAVDB-01606; Code : ". "\n+ Ex.: php ".$argv0." localhost / 1". "\n\n"; function query$pos, $chr, $chs,$goodid switch $ch...

AI score 0.2
Exploits: 0
Exploit DB
added 2010/05/22 12:00 a.m. | 27 views

ECShop - 'search.php' SQL Injection

Exploit Title: ECShop Search.php SQL Injection Exploit; Date: 2010-05-17; Author: Jannock; Software Link: http://www.ecshop.com; Version: ECShop All Version; Tested on: (blank); CVE: (blank); WAVDB: WAVDB-01606; Code : ". "\n+ Ex.: php ".$argv0." localhost / 1". "\n\n"; function query$pos, $chr, $chs,$goodid switch $ch...

AI score 7.4
Exploits: 0
0day.today
added 2010/05/22 12:00 a.m. | 20 views

ECShop Search.php SQL Injection Exploit

Exploit for php platform in category web applications. ECShop Search.php SQL Injection Exploit. Author: Jannock; Software Link: http://www.ecshop.com; Version: ECShop All Version; Tested on: (blank); CVE: (blank); WAVDB: WAVDB-01606; Code :...

AI score 7.1
Exploits: 0
seebug.org
added 2010/05/18 12:00 a.m. | 21 views

ECSHOP shop system: insufficient filtering in Search.php leads to an SQL injection vulnerability

File search.php:
$string = base64_decode(trim($_GET['encode'])); // line 37
$_REQUEST = array_merge($_REQUEST, addslashes_deep($string)); // line 69
As can be seen, addslashes_deep only filters the parameter values.
// line 297
if (!empty($_REQUEST['attr']))
$sql = "SELECT goods_id, COUNT(*) AS num FROM " . $ecs->table("goods_attr") . " WHERE 0 ";
foreach ($_REQUEST['attr'] AS $key =...

AI score 7.1
Exploits: 0
OpenVAS
added 2010/04/29 12:00 a.m. | 187 views

glFusion Multiple SQL Injection Vulnerabilities

glFusion is prone to multiple SQL injection vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description)...

CVSS 7.5 | AI score 7.7 | EPSS 0.00738
Exploits: 1 | References: 5
Exploit DB
added 2010/04/27 12:00 a.m. | 17 views

ProArcadeScript - 'search.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/39749/info ProArcadeScript is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the conte...

AI score 7.4
Exploits: 0
Prion
added 2010/04/22 2:30 p.m. | 15 views

SQL injection

Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php...

CVSS 7.5 | AI score 9.2 | EPSS 0.00738
Exploits: 1 | References: 7 | Affected Software: 1
0day.today
added 2010/03/26 12:00 a.m. | 21 views

FreeWebshop v5.0- Cross Site Scripting & SQL Injection Vulnerabilities

Exploit for php platform in category web applications. FreeWebshop v5.0- Cross Site Scripting & SQL Injection Vulnerabilities. Vendor site =...

AI score 7.1
Exploits: 0
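seebug.org
added 2010/03/24 12:00 a.m. | 17 views

VBulletin 4.0.2 query Parameter Cross-Site Scripting Vulnerability

vBulletin is an open-source PHP forum program. When searchtype is set to 1, vBulletin returns the query parameter submitted to the search.php page to the user without properly filtering it. A remote attacker can carry out a cross-site scripting attack by submitting a request with malicious parameters, causing arbitrary HTML and script code to execute in the user's browser session. Affected: VBulletin 4.0.2. Vendor patch (VBulletin): the vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...

AI score 7.1
Exploits: 0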
myhack58
added 2010/03/24 12:00 a.m. | 13 views

PHPWind 6.0 Multiple Cross-Site Scripting Vulnerabilities

PHPWind is one of the more popular PHP-based web forum applications in China. When a visitor logs out, PHPWind does not properly filter the request parameters submitted to pages such as hack.php, search.php, read.php, post.php, thread.php, profile.php, sort.php, message.php and userpay.php; a remote attacker can submi...

Exploits: 0
Prion
added 2010/03/23 6:30 p.m. | 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in search.php in CommonSense CMS 5.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter...

CVSS 4.3 | AI score 6.1 | EPSS 0.00515
Exploits: 1 | References: 6 | Affected Software: 1
CVE
added 2010/03/23 6:00 p.m. | 33 views

CVE-2010-1072

CVE-2010-1072 describes an XSS vulnerability in Sniggabo CMS 2.21, exploitable via the q parameter in search.php. The root cause is insufficient input sanitization allowing arbitrary web script or HTML to be injected. Affected software/function/file: Sniggabo CMS 2.21, search.php (q parameter). I...

CVSS 4.3 | AI score 5.9 | EPSS 0.00446
Exploits: 1 | References: 5 | Affected Software: 1
securityvulns
added 2010/03/21 12:00 a.m. | 91 views

Vbulletin 4.0.2 XSS Vulnerability

Vbulletin 4.0.2 XSS Vulnerability...

AI score 1.4
Exploits: 0
Packet Storm
added 2010/03/20 12:00 a.m. | 24 views

PHPWind 6.0 Cross Site Scripting

I found that PHPWind v6.0 just filters the XSS code when visitors log in, but it doesn't do it when they log off. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This flaw makes its all the parameters...

Exploits: 0
0day.today
added 2010/03/19 12:00 a.m. | 36 views

Vbulletin 4.0.2 XSS Vulnerability

Exploit for unknown platform in category web applications. Vbulletin 4.0.2 XSS Vulnerability...

AI score 7.1
Exploits: 0
securityvulns
added 2010/03/15 12:00 a.m. | 42 views

PHP-Fusion-AP-7.00.2-Rus (search.php) disclosure ways

PHP-Fusion-AP-7.00.2-Rus search.php disclosure ways...

AI score 0.6
Exploits: 0