OemPro 3.6.4 SQL Injection / Shell Upload

Exploit title: Multiple vulnerabilities on OemPro Product: OemPro Version Affected: v3.6.4 and probably prior. Date: 03/02/2011 Author: Ignacio Garrido Vendor: http://octeth.com Tested on: Linux - Windows 2003 Mail: [email protected] Path disclosure: http://localhost/clibounce.php FCKEditor 2.3.2...

MultiPowUpload 2.1 Shell Upload

Exploit Title: MultiPowUpload v 2.1 Remote File Upload Vulnerability Author: DIES3L Email: [email protected] Date: 26-1-2011 Software Link: http://www.element-it.com Download Software : http://www.element-it.com/Download/ElementIT.MultiPowUpload3.zip Version: 2.1 Tested on: LiNuX...

WordPress Media Manager Shell Upload

Exploit Title: Wordpress media Manager Plugins Shell Upload Vulnerability Date: 22/01/2011 Author: PenetraDz AuthorEmail:[email protected] Home:Algeria Tested on: Win Xp sp3 En Google Dork: inurl:"/plugins/ImageManager/manager.php" manager/media/editor/plugins/ImageManager/manager.php insert...

Maximus 2008 CMS Shell Upload

maximus-cms fckeditor Arbitrary File Upload Vulnerability /\ \ /\ \ /\ /\ \ \ \ \L\ \ \ /'\ /\ \ \ ,\ \ \ \ \ /\ /\ \ /'\ \ , /\ \ /' \ /' \ \ \ /\ \ \ /'\ \ \ /\ \ \ /\ /\ \ \\ \ /\ /\ /\ \L\ \ \ \ \ \ \ \ /\ / \ \ \ /\ \\ \ \ \ \ \ \ \ \ \\ \ \ \ // // //...

Sahana Agasti 0.6.5 Local File Inclusion / Shell Upload

:::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ posdubatgmail.com dun / 2011-01-07 Sahana Agasti = 0.6.5 Multiple Vulnerabilities Script: "Agasti is the PHP based project of the Sahana Software...

Concrete CMS 5.4.1.1 XSS / Code Execution

!/usr/bin/python Concrete CMS v5.4.1.1 xss/remote code execution exploit Download: http://www.concrete5.org/ Special Zeitgeist pre release - "Moving Forward" - 15th Jan 2011 "They must find it difficult, those who take authority as the truth instead of truth as the authority"...

Concrete CMS 5.4.1.1 - Cross-Site Scripting / Remote Code Execution

!/usr/bin/python Concrete CMS v5.4.1.1 xss/remote code execution exploit Download: http://www.concrete5.org/ Special Zeitgeist pre release - "Moving Forward" - 15th Jan 2011 "They must find it difficult, those who take authority as the truth instead of truth as the authority"...

Amoeba CMS v1.01 multiple remote vulnerabilities

Exploit for php platform in category web applications !/usr/bin/python """ Amoeba CMS v1.01 multiple remote vulnerabilities: Vendor: http://www.amoebacms.com/ Found by: mrme Contact date: 20/12/2010 2:37pm EST SQL Injection: ============= There is quite a few instances of pre/post auth SQL...

Amoeba CMS 1.01 Shell Upload / SQL Injection

!/usr/bin/python """ Amoeba CMS v1.01 multiple remote vulnerabilities: Vendor: http://www.amoebacms.com/ Found by: mrme Contact date: 20/12/2010 2:37pm EST SQL Injection: ============= There is quite a few instances of pre/post auth SQL Injection in the web application. In one particular SQLi the...

amoeba CMS 1.01 - Multiple Vulnerabilities

amoeba CMS 1.01 - Multiple Vulnerabilities !/usr/bin/python """ Amoeba CMS v1.01 multiple remote vulnerabilities: Vendor: http://www.amoebacms.com/ Found by: mrme Contact date: 20/12/2010 2:37pm EST SQL Injection: ============= There is quite a few instances of pre/post auth SQL Injection in the...

amoeba CMS 1.01 - Multiple Vulnerabilities

!/usr/bin/python """ Amoeba CMS v1.01 multiple remote vulnerabilities: Vendor: http://www.amoebacms.com/ Found by: mrme Contact date: 20/12/2010 2:37pm EST SQL Injection: ============= There is quite a few instances of pre/post auth SQL Injection in the web application. In one particular SQLi the...

News Script PHP Pro Shell Upload

============================================================================== » News Script PHP Pro fckeditor File Upload Vulnerability ============================================================================== » Title : News Script PHP Pro fckeditor File Upload Vulnerability » Script : News...

Social Engine 4.x Shell Upload

Exploit Title: Social Engine 4.x Music Plugin Arbitrary File Upload Google Dork: inurl:"user/auth/forgot" Date: 22/12/2010 Author: MyDoom Moroccan Hacker Contact: [email protected] Software Link: http://http://www.socialengine.net Version: Social Engine 4.x should work on previous versions but...

Vacation Rental Script 4.0 Shell Upload

Script Name: Vacation Rental Script = 4.0 Site: http://www.vacationrentalscript.com/ Bug: Upload Shell Found: Br0ly google dork: "2006 - 2009 Vacation Rental Script" BraZIL!! You need register a account first so: Signup: http://server/signup Cheek your email for login and password So login in:...

CubeCart 3.x Shell Upload

============================================================================== » CubeCart v 3.x Remote File Upload Vulnerability ============================================================================== » Title : CubeCart v 3.x Remote Shell Upload Vulnerability » Script : CubeCart v3.x »...

CubeCart 3.x - Arbitrary File Upload

CubeCart 3.x - Arbitrary File Upload ============================================================================== » CubeCart v 3.x Remote File Upload Vulnerability ============================================================================== » Title : CubeCart v 3.x Remote Shell Upload...

SOOP Portal 2.0 IIS parsing upload vulnerability-vulnerability warning-the black bar safety net

Publishing author: Net. Edit0r Affected versions: SOOP Portal 2.0 Official address: upload/2 0 1 0/1 2/2 0 1 0 1 2 0 7 1 9 4 0 2 9 3 6 8 6. jpg can be uploaded and executed. Google Dork : "SOOP Portal 2.0" 1. Register On Site //the first step to register as a website member; 2...

SOOP Portal Raven 1.0b - Arbitrary File Upload

Exploit Title: SOOP Portal Raven 1.0b Remote Upload Shell Vulnerability Google Dork: "Powered by SOOP Portal Raven 1.0b" Date: 06-12-2010 Author: Sun Army Version: Raven 1.0b Tested on: Win 2003 Exploit 1.Register On Site 2.Shell Renamed to .asp.jpg shell.asp.jpg 3.Go This Page --...

OsCSS 1.2 Shell Upload

Exploit Title: OsCSS Remote File Upload Exploit Date: 12-1-2010 Author: Shichemt Alen Software Link: None Version: 1.2 Platform / Tested on: Windows XP SP2 DE & Ubuntu 10.10 category: webapps/0day Dork : inurl:"sorry script'kiddies" Contact : [email protected] - http://www.shichemt-alen.com/...

OsCSS 1.2 - Arbitrary File Upload

OsCSS 1.2 - Arbitrary File Upload Exploit Title: OsCSS Remote File Upload Exploit Date: 12-1-2010 Author: Shichemt Alen Software Link: None Version: 1.2 Platform / Tested on: Windows XP SP2 DE & Ubuntu 10.10 category: webapps/0day Dork : inurl:"sorry script'kiddies" Contact : [email protected]...