2830 matches found
Iwebsns最新版SQL注入第一枚
简要描述: Iwebsns最新版SQL注入第一枚 详细说明: 在wooyun上看到雨牛提了5个iwebsns的漏洞了( WooYun: Iwebsns sql 第五枚。 ),我来捡捡漏儿吧,已对比,不重复,下载Iwebsns最新的1.1.0来看看。 为了使审核的大大们容易确认是否有重复,我先把存在漏洞的文件和注入参数分别写在这里:/action/album/photouplflash.action.php sesscode 下面看看漏洞是怎么产生的/action/album/photouplflash.action.php 无关代码 //变量定义区...
Iwebmall最新版SQL注入第一枚
简要描述: Iwebmall最新版SQL注入第一枚 详细说明: 看到wooyun上有人提了几个iweb的漏洞( WooYun: iwebmall商城程序sql注入 ),我来捡捡漏儿吧,希望不要重复。官网下载最新v1.2来看看。 先把注入点拿出来:www.xxx.com/do.php?act=userfavoritedel,POST的内容中有个参数favorite,存在注入。 /action/user/favoritedel.action.php 无关代码 // 处理post变量 ifempty$POST $favoriteid = intvalgetargs'id'; else...
Subex Fms 7.4 - SQL Injection
Subex Fms 7.4 - SQL Injection ======================================================================================= Subex ROC Fraud Management System v7.4 - Unauthenticated Blind-Time Based SQL Injection =======================================================================================...
Cart Engine 3.0 - Multiple Vulnerabilities
=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...
Cart Engine 3.0 XSS / Open Redirect / SQL Injection
=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...
TinyShop同一处盲注和存储型xss
简要描述: 参数未进行过滤,导致同一位置出现sql注入和可打后台存储xss。 详细说明: 先看看tinyshop如何处理传递的参数: /framework/lib/util/requestclass.php中 public static function get $num = funcnumargs; $args = funcgetargs; if$num==1 ifisset$GET$args0 ifisarray$GET$args0return $GET$args0; else return trim$GET$args0; return null; else if$num=2...
@CMS 2.1.1 SQL Injection
SQL Injection on @CMS 2.1.1 Stable Risk: High CWE number: CWE-89 Date: 22/08/2014 Vendor: www.atcode.net Author: Felipe " Renzi " Gabriel Contact: [email protected] Tested on: Linux Mint Vulnerable File: articles.php Exploit: http://host/articles.php?catid=SQLI PoC:...
WP Realty - MySQL Time Based Injection
The wp-realty WordPress plugin was affected by a MySQL Time Based Injection security vulnerability...
InvGate Service Desk 4.2.36 SQL Injection Vulnerability
InvGate Service Desk version 4.2.36 suffers from multiple remote SQL injection vulnerabilities. InvGate Service Desk v4.2.36 multiple vulnerabilities http://www.invgate.com/en/service-desk/ http://www.invgate.com/en/service-desk/on-premise-trial/ Invgate Service Desk suffers from many SQL...
InvGate Service Desk 4.2.36 SQL Injection
InvGate Service Desk v4.2.36 multiple vulnerabilities http://www.invgate.com/en/service-desk/ http://www.invgate.com/en/service-desk/on-premise-trial/ Invgate Service Desk suffers from many SQL injections as an authenticated, but non-privileged end-user role user. Most are also stacked injections...
kppw威客系统SQL注入一枚
简要描述: rt 详细说明: 注册处。 function checkall$regusername, $regemail, $regcode global $lang,$K; $res1 = $this-checkip ; if$K'do' $url = 'index.php?do='.$K'do'; else $url = 'index.php?do=register'; $res1 === true or $result = $res1; $res2 = $this-checkusername $regusername ; $res2 === true or $result =...
Wordpress Plugin Realty - Blind SQL Injection
No description provided by source. $$$$$$\ $$\ $$\ $$$$$$\ $$ $$\ $$ | $$ | $$ $$\ $$ / | $$ | $$ | $$ / | $$ |$$$$\ $$$$$$$$ | $$$$$$\ $$ |$$ | $$ $$ | $$\ $$ | $$ | $$ | $$ | $$\ $$ | $$$$$$ |$$\ $$ | $$ |$$\$$$$$$ | / || ||/ Exploit Title: Wordpress - wp-realty - MySQL Time Based...
vBulletin Yet Another Awards System 4.0.2 - SQL Injection
No description provided by source. Exploit Title: vBulletin Yet Another Awards System 4.0.2 Time Based SQL Injection 0day Google Dork: inurl:awards.php intext:powered by vbulletin Date: 29/08/12 Exploit Author: Backsl@sh/Dan Software Link: http://www.vbulletin.org/forum/showthread.php?t=232684...
Kordil EDMS 2.2.60rc3 - SQL Injection Vulnerability
No description provided by source. Exploit Title: Kordil EDMS v2.2.60rc3 SQL Injection Vulnerability Date: 12/05/2012 Exploit Author: Woody Hughes [email protected] Vendor Homepage: http://sourceforge.net/projects/kordiledms/ Software Link:...
Centreon Enterprise Server 2.3.3-2.3.9-4 - Blind SQL Injection Exploit
No description provided by source. !/usr/bin/env python Exploit Title: Centreon 2.3.3 - 2.3.9-4 menuXML.php Blind SQL Injection Exploit Disclosure Date: December 12, 2012 Author: modpr0be @modpr0be Platform: Linux Tested on: Centreon Enterprise Server with Centreon 2.3.9-4 on CentOS 5.5 x8664 Fin...
PizzaInn_Project - SQL Injection
No description provided by source. + Exploit: PizzaInnProject - SQL Injection + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + Vendor Homepage: http://sourceforge.net/projects/restaurantmis/ 1 Sql Injection Time Based Blind PoC: http://127.0.0.1/reserve-exec.php?id=1' SQL...
Authenex A-Key/ASAS Web Management Control 3.1.0.2 (latest) - Time-based SQL Injection
No description provided by source. ============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2011-002 - Original release date: September 21, 2011 - Discovered by: Jose Carlos de Arriba - Senior Security Analyst at Foreground Security - Contact: jcarriba a...
Joomla 1.5 com_virtuemart <= 1.1.7 - Blind time-based SQL Injection (MSF)
No description provided by source. Exploit Title: Joomla 1.5 comvirtuemart = 1.1.7 blind time-based sql injection MSF module Date: Thu Jul 28, 2011 Author: TecR0c - tecr0c.mythsec @ gmail.com Version: = 1.1.7 Download: http://dev.virtuemart.net/projects/virtuemart/files Greetz: mythsec team, Jame...
GeoCore MAX DB Ver. 7.3.3 - Time-Based Blind Injection
No description provided by source. Exploit Title: GeoCore MAX DB Ver. 7.3.3 - Time-Based Blind Injection Official site: http://geodesicsolutions.com Risk Level: High Vendor : http://geodesicsolutions.com Exploit Author: Esac Homepage author : www.iss4m.ma Last Checked: 25/04/2014 +----------+ |...
Joomla DJ Classifieds Extension 2.0 - Blind SQL Injection Vulnerability
No description provided by source. $$$$$$\ $$\ $$\ $$$$$$\ $$ $$\ $$ | $$ | $$ $$\ $$ / | $$ | $$ | $$ / | $$ |$$$$\ $$$$$$$$ | $$$$$$\ $$ |$$ | $$ $$ | $$\ $$ | $$ | $$ | $$ | $$\ $$ | $$$$$$ |$$\ $$ | $$ |$$\$$$$$$ | / || ||/ Exploit Title: Joomla - DJ Classifieds - Time-Based Blind...